Page MenuHomePhabricator

Shellbox command validation
Open, Needs TriagePublic

Description

Shellbox command validation component.

Implementation work on a parser for UNIX shell commands is underway. The concept is to extract a feature flag list (pipelines, variable expansion, subshells, etc.) and a list of literal arguments.

Configuration will specify a whitelist of allowed features. Arguments may be specified to be either a fixed string literal or a valid relative path.

Relative paths are expected as command-line arguments in Shellbox since input and output files are placed in an otherwise empty working directory.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 9 2020, 10:21 AM

Change 656012 had a related patch set uploaded (by Tim Starling; owner: Tim Starling):
[mediawiki/libs/Shellbox@master] Server-side shell command validation

https://gerrit.wikimedia.org/r/656012