From f02f32456e5e7bad29fd9aff2d0089cf5eb492df Mon Sep 17 00:00:00 2001
From: ssongliu
Date: Sun, 25 Jun 2023 18:31:34 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=E7=BB=88=E7=AB=AF?= =?UTF-8?q?=E8=BF=9E=E6=8E=A5=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/api/v1/terminal.go | 6 +++---
 backend/utils/terminal/local_cmd.go | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/backend/app/api/v1/terminal.go b/backend/app/api/v1/terminal.go
index 6082d0d4b..041089763 100644
--- a/backend/app/api/v1/terminal.go
+++ b/backend/app/api/v1/terminal.go
@@ -163,11 +163,11 @@ func (b *BaseApi) ContainerWsSsh(c *gin.Context) {
 }
 defer wsConn.Close()
- cmds := fmt.Sprintf("docker exec %s %s", containerID, command)
+ cmds := []string{"exec", containerID, command}
 if len(user) != 0 {
- cmds = fmt.Sprintf("docker exec -u %s %s %s", user, containerID, command)
+ cmds = []string{"exec", "-u", user, containerID, command}
 }
- stdout, err := cmd.Exec(cmds)
+ stdout, err := cmd.ExecWithCheck("docker", cmds...)
 if wshandleError(wsConn, errors.WithMessage(err, stdout)) {
 return
 }
diff --git a/backend/utils/terminal/local_cmd.go b/backend/utils/terminal/local_cmd.go
index 85c0c7512..c9397b56e 100644
--- a/backend/utils/terminal/local_cmd.go
+++ b/backend/utils/terminal/local_cmd.go
@@ -8,6 +8,7 @@ import (
 "unsafe"
 "github.com/1Panel-dev/1Panel/backend/global"
+ "github.com/1Panel-dev/1Panel/backend/utils/cmd"
 "github.com/creack/pty"
 "github.com/pkg/errors"
 )
@@ -26,6 +27,9 @@ type LocalCommand struct {
 }
 func NewCommand(commands string) (*LocalCommand, error) {
+ if cmd.CheckIllegal(commands) {
+ return nil, errors.New("There are invalid characters in the command you're executing.")
+ }
 cmd := exec.Command("sh", "-c", commands)
 pty, err := pty.Start(cmd)
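Review bot: In the `ContainerWsSsh` hunk of terminal.go, `containerID` and `user` are placed into the `docker` argument list with no visible check, so a value that begins with `-` would be read by `docker exec` as an option rather than as a container name or user. If these values come from the request (their origin is outside the hunk), validate them before building `cmds`: reject a leading `-`, e.g. `if strings.HasPrefix(containerID, "-") || strings.HasPrefix(user, "-") { ... }`, or better, match them against the allowed name pattern. `command` is now a single argv element and is no longer word-split, so a comment such as `// each value is one argv entry; nothing here is parsed by a shell` would record the intent, assuming `cmd.ExecWithCheck` does not itself invoke a shell (its body is not shown). The function starts and ends outside the hunk.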
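Review bot: In the `NewCommand` hunk of local_cmd.go, `commands` is still handed to `sh -c` after the new `cmd.CheckIllegal` test, so the protection rests entirely on that denylist covering every shell metacharacter; its implementation is not visible here. Where callers can supply the program and its arguments separately, `exec.Command(name, args...)` removes the shell instead of filtering for it; if the shell has to stay, record the dependency with a comment such as `// SECURITY: commands is interpreted by sh -c; CheckIllegal is the only guard`. The local `cmd := exec.Command(...)` on the following line also shadows the newly imported `cmd` package, which compiles only because the check comes first; renaming the local, e.g. `c := exec.Command("sh", "-c", commands)`, avoids a later break. The function body continues past the hunk.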