Page MenuHomePhabricator

Shellbox command validation
Open, Needs TriagePublic

Description

Shellbox command validation component.

Implementation work on a parser for UNIX shell commands is underway. The concept is to extract a feature flag list (pipelines, variable expansion, subshells, etc.) and a list of literal arguments.

Configuration will specify a whitelist of allowed features. Arguments may be specified to be either a fixed string literal or a valid relative path.

Relative paths are expected as command-line arguments in Shellbox since input and output files are placed in an otherwise empty working directory.

Event Timeline

Change 656012 had a related patch set uploaded (by Tim Starling; owner: Tim Starling):
[mediawiki/libs/Shellbox@master] Server-side shell command validation

https://gerrit.wikimedia.org/r/656012

Change 656012 merged by jenkins-bot:
[mediawiki/libs/Shellbox@master] Server-side shell command validation

https://gerrit.wikimedia.org/r/656012