Use shellescape in more potentially dangerous places

driver/pot.go

@@ -14,6 +14,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/alessio/shellescape"
 	"github.com/armon/circbuf"
 	"github.com/creack/pty"
 	hclog "github.com/hashicorp/go-hclog"
@@ -240,7 +241,7 @@ func (s *syexec) createContainer(commandCfg *drivers.TaskConfig) error {
 			message := potBIN + " " + command
 			s.logger.Debug("Setting pot attributes: ", message)
 
-			cmdAttr := potBIN + " " + command
+			cmdAttr := shellescape.Quote(potBIN) + " " + command
 			output, err := exec.Command("sh", "-c", cmdAttr).Output()
 			if err != nil {
 				if exitError, ok := err.(*exec.ExitError); ok {
@@ -260,7 +261,7 @@ func (s *syexec) createContainer(commandCfg *drivers.TaskConfig) error {
 			message := potBIN + " " + command
 			s.logger.Debug("Copying files on jail: ", message)
 
-			cmdFiles := potBIN + " " + command
+			cmdFiles := shellescape.Quote(potBIN) + " " + command
 			output, err := exec.Command("sh", "-c", cmdFiles).Output()
 			if err != nil {
 				if exitError, ok := err.(*exec.ExitError); ok {
@@ -280,7 +281,7 @@ func (s *syexec) createContainer(commandCfg *drivers.TaskConfig) error {
 			message := potBIN + " " + command
 			s.logger.Debug("Mounting files on jail: ", message)
 
-			cmdVolumes := potBIN + " " + command
+			cmdVolumes := shellescape.Quote(potBIN) + " " + command
 			output, err := exec.Command("sh", "-c", cmdVolumes).Output()
 			if err != nil {
 				if exitError, ok := err.(*exec.ExitError); ok {
@@ -299,7 +300,7 @@ func (s *syexec) createContainer(commandCfg *drivers.TaskConfig) error {
 			message := potBIN + " " + command
 			s.logger.Debug("Mounting READ only files on jail: ", message)
 
-			cmdVolumesRO := potBIN + " " + command
+			cmdVolumesRO := shellescape.Quote(potBIN) + " " + command
 			output, err := exec.Command("sh", "-c", cmdVolumesRO).Output()
 			if err != nil {
 				if exitError, ok := err.(*exec.ExitError); ok {

driver/prepare.go

@@ -83,11 +83,11 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 	potName := baseName + "_" + jobIDAllocID
 
 	//Mount local
-	commandLocal := "mount-in -p " + potName + " -d " + cfg.TaskDir().LocalDir + " -m /local"
+	commandLocal := "mount-in -p " + shellescape.Quote(potName) + " -d " + shellescape.Quote(cfg.TaskDir().LocalDir) + " -m /local"
 	se.argvMount = append(se.argvMount, commandLocal)
 
 	//Mount secrets
-	commandSecret := "mount-in -p " + potName + " -d " + cfg.TaskDir().SecretsDir + " -m /secrets"
+	commandSecret := "mount-in -p " + shellescape.Quote(potName) + " -d " + shellescape.Quote(cfg.TaskDir().SecretsDir) + " -m /secrets"
 	se.argvMount = append(se.argvMount, commandSecret)
 
 	if len(taskCfg.Copy) > 0 {
@@ -96,7 +96,7 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 			split := strings.SplitN(file, ":", 2)
 			source := split[0]
 			destination := split[1]
-			command := "copy-in -p " + potName + " -s " + source + " -d " + destination
+			command := "copy-in -p " + shellescape.Quote(potName) + " -s " + shellescape.Quote(source) + " -d " + shellescape.Quote(destination)
 			argvCopy = append(argvCopy, command)
 		}
 		se.argvCopy = argvCopy
@@ -107,7 +107,7 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 			split := strings.Split(file, ":")
 			source := split[0]
 			destination := split[1]
-			command := "mount-in -p " + potName + " -d " + source + " -m " + destination
+			command := "mount-in -p " + shellescape.Quote(potName) + " -d " + shellescape.Quote(source) + " -m " + shellescape.Quote(destination)
 			se.argvMount = append(se.argvMount, command)
 		}
 	}
@@ -118,7 +118,7 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 			split := strings.Split(file, ":")
 			source := split[0]
 			destination := split[1]
-			command := "mount-in -p " + potName + " -d " + source + " -m " + destination + " -r"
+			command := "mount-in -p " + shellescape.Quote(potName) + " -d " + shellescape.Quote(source) + " -m " + shellescape.Quote(destination) + " -r"
 			argvMountReadOnly = append(argvMountReadOnly, command)
 		}
 		se.argvMountReadOnly = argvMountReadOnly
@@ -130,14 +130,14 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 			split := strings.Split(attr, ":")
 			attribute := split[0]
 			value := split[1]
-			command := "set-attribute -p " + potName + " -A " + shellescape.Quote(attribute) + " -V " + shellescape.Quote(value)
+			command := "set-attribute -p " + shellescape.Quote(potName) + " -A " + shellescape.Quote(attribute) + " -V " + shellescape.Quote(value)
 			se.argvAttributes = append(se.argvAttributes, command)
 		}
 	}
 
 	// Set env variables
 	if len(cfg.EnvList()) > 0 {
-		command := potBIN + " set-env -p " + potName + " "
+		command := shellescape.Quote(potBIN) + " set-env -p " + shellescape.Quote(potName) + " "
 		for name, env := range cfg.Env {
 			command = command + " -E " + shellescape.Quote(name) + "=" + shellescape.Quote(env)
 		}
@@ -146,17 +146,17 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 	}
 
 	if len(taskCfg.ExtraHosts) > 0 {
-		hostCommand := potBIN + " set-hosts -p " + potName
+		hostCommand := shellescape.Quote(potBIN) + " set-hosts -p " + shellescape.Quote(potName)
 		for _, host := range taskCfg.ExtraHosts {
-			hostCommand = hostCommand + " -H " + host
+			hostCommand = hostCommand + " -H " + shellescape.Quote(host)
 		}
 		se.argvExtraHosts = hostCommand
 	}
 
 	//Set soft memory limit
 	memoryLimit := cfg.Resources.NomadResources.Memory.MemoryMB
 	sMemoryLimit := strconv.FormatInt(memoryLimit, 10)
-	argvMem := potBIN + " set-rss -M " + sMemoryLimit + "M -p " + potName
+	argvMem := shellescape.Quote(potBIN) + " set-rss -M " + sMemoryLimit + "M -p " + potName
 	se.argvMem = argvMem
 
 	argvStart := make([]string, 0, 50)