Improve Security #61
Description
Need to spend some quality time evaluating the security boundaries of the package and looking for issues. Anything found should either be a) fixed or b) risk accepted and clearly documented for end users.
SECURITY CONCERNS:
- Cache file is untrusted (refactor-specific)
- Results from command invocations are untrusted
- Double-check validation of results before returning
- Validate arguments to get_mac_address() to avoid command injection
- Data types
- IPv4/IPv6 addresses
- Interface names
- Path traversal ( Path traversal mitigation #51 )
- Better document security concerns/boundaries
- Ability to make network requests in (document instances)
- Commands that are executed
- File reads
- Environment being passed to subprocesses + env variables used (for instance, we're invoking subprocess to a potentially untrusted executable with our parent environment, which could include secret tokens like API keys or credentials)
- Modifying PATH with /sbin and /usr/sbin
Contributors: please feel free to help out with any of these! Open a PR and mention this issue in the description of the PR. It can be as simple as documentation of the risk or raising user awareness.
The majority of developers using this package are not security experts, and many likely have little or no training or experience with security issues. Therefore any documentation shouldn't assume knowledge and should take the opportunity to educate (when feasible).