Refactor subprocess calls in analysis plugins for better robustness and security #1446
Open
RinZ27 wants to merge 1 commit into fkie-cad:master from
50f06a1 to dd9ecf5
Codecov Report: All modified and coverable lines are covered by tests.

```diff
@@            Coverage Diff             @@
##           master    #1446      +/-   ##
==========================================
- Coverage   92.44%   92.43%   -0.01%
==========================================
  Files         370      370
  Lines       20839    20814      -25
==========================================
- Hits        19264    19240      -24
+ Misses       1575     1574       -1
```
dff2d2e to ffe6443
Description

Subprocess calls using `shell=True` and string formatting were identified in several analysis plugins, which can lead to fragility or security risks when handling firmware files with special characters in their names. While these components primarily run internally, I noticed that filenames containing spaces or shell-sensitive characters could potentially lead to command injection or simple execution failures during processing.

Switching these calls to use list-based arguments with `shell=False` ensures that the OS handles argument parsing directly. I've focused these changes on the `qemu_exec` and `file_system_metadata` plugins, as well as the signature compilation script, to improve overall system reliability when processing untrusted input.

Cleaned up logic in `start_binary.py` specifically addresses a high-risk area where `sys.argv` inputs were interpolated directly into shell commands. Similar improvements were applied to the `mount.py` script to ensure that mounting operations are robust against malformed paths.
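To make the contrast in the description concrete, here is an added example (not code from the FACT project or from this PR) of the two patterns side by side. Instead of a real tool it launches a child Python interpreter that reports the `argv` it received, so the effect of a filename with spaces is visible without touching any firmware; the filename and the `run_fragile`/`run_robust` helper names are constructed for the illustration.

```python
"""Added example: string-formatted shell=True call versus list-based argv.

The child command is a Python one-liner that prints its own sys.argv as
JSON, so each helper returns exactly the argument vector the child saw.
"""
import json
import subprocess
import sys

# Child program: report the arguments it was started with, as JSON on stdout.
ECHO_ARGS = "import sys, json; print(json.dumps(sys.argv[1:]))"


def run_fragile(path: str) -> list[str]:
    """'Before' pattern from the description: the command line is assembled
    with string formatting and handed to the shell. The shell re-parses the
    whole string, so whitespace or metacharacters inside `path` alter the
    argument vector instead of being passed through as one filename."""
    cmd = f'"{sys.executable}" -c "{ECHO_ARGS}" {path}'
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return json.loads(out.stdout)


def run_robust(path: str) -> list[str]:
    """'After' pattern: argv is a list and shell=False (the default), so the
    OS delivers `path` to the child as exactly one argument, whatever
    characters it contains. No quoting or escaping logic is needed."""
    argv = [sys.executable, "-c", ECHO_ARGS, path]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return json.loads(out.stdout)


if __name__ == "__main__":
    name = "firmware image v2.bin"  # constructed sample filename containing spaces
    print("shell=True :", run_fragile(name))  # split into three arguments
    print("shell=False:", run_robust(name))   # one intact argument
```

The robust form is also what makes the `sys.argv` interpolation in `start_binary.py` safe to remove: values taken from the command line or from a filename go into the list as single elements, so nothing the caller supplies is ever interpreted by a shell.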