spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure external input is shell escaped

Browse Source
This commit is contained in:
Donal McBreen
2025-01-17 12:28:59 +00:00
parent a1708f687f
commit 5e2678dece
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/kamal/secrets/adapters/bitwarden_secrets_manager.rb
View File

@@ -18,7 +18,7 @@ class Kamal::Secrets::Adapters::BitwardenSecretsManager < Kamal::Secrets::Adapte
{}.tap do |results| {}.tap do |results|
if command.nil? if command.nil?
secrets.each do |secret_uuid| secrets.each do |secret_uuid|
secret = run_command("#{GET_COMMAND} #{secret_uuid}") secret = run_command("#{GET_COMMAND} #{secret_uuid.shellescape}")
raise RuntimeError, "Could not read #{secret_uuid} from Bitwarden Secrets Manager" unless $?.success? raise RuntimeError, "Could not read #{secret_uuid} from Bitwarden Secrets Manager" unless $?.success?
key, value = parse_secret(secret) key, value = parse_secret(secret)
results[key] = value results[key] = value
@@ -40,7 +40,7 @@ class Kamal::Secrets::Adapters::BitwardenSecretsManager < Kamal::Secrets::Adapte
[ LIST_COMMAND, nil ] [ LIST_COMMAND, nil ]
elsif secrets[0].end_with?(LIST_ALL_FROM_PROJECT_SUFFIX) elsif secrets[0].end_with?(LIST_ALL_FROM_PROJECT_SUFFIX)
project = secrets[0].split(LIST_ALL_FROM_PROJECT_SUFFIX).first project = secrets[0].split(LIST_ALL_FROM_PROJECT_SUFFIX).first
[ "#{LIST_COMMAND} #{project}", project ] [ "#{LIST_COMMAND} #{project.shellescape}", project ]
end end
end end
end end