diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7db3800c..8e755e68 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed check when submitted an empty batch file on `POST /compute/jobs/upload`
 - Fixed error message when `GET /status/systems` encounters error in one filesystem
 - Fixed SSH connection error catching
+- Fixed secured "ssh-keygen" command execution
 ### Changed
diff --git a/src/certificator/certificator.py b/src/certificator/certificator.py
index 970f99a8..9e9a88c4 100644
--- a/src/certificator/certificator.py
+++ b/src/certificator/certificator.py
@@ -446,21 +446,33 @@ def receive(): app.logger.error(f"Forbidden char on command or option: {force_command} {force_opt}") return jsonify(description='Invalid command'), 400 - force_command = f"-O force-command=\"{force_command} {force_opt}\"" - force_command = force_command.replace('$', '\$') # create temp dir to store certificate for this request td = tempfile.mkdtemp(prefix = "cert") os.symlink(PUB_USER_KEY_PATH, f"{td}/user-key.pub") # link on temp dir - command = f"ssh-keygen -s {CA_KEY_PATH} -n {username} -V {ssh_expire} -I {CA_KEY_PATH} {force_command} {td}/user-key.pub " - + command = ["ssh-keygen", + "-s", + f"{CA_KEY_PATH}", + "-n", + f"{username}", + "-V", + f"{ssh_expire}", + "-I", + f"{CA_KEY_PATH}", + "-O", + f"force-command={force_command} {force_opt}", + f"{td}/user-key.pub" + ] + except Exception as e: logging.error(e) return jsonify(description=f"Error creating certificate: {e}", error=-1), 400 + try: - result = subprocess.check_output([command], shell=True) + #To prvent shell hijacking don't run commands with shell=True + result = subprocess.run(command, shell=False, check=True) with open(td + '/user-key-cert.pub', 'r') as cert_file: cert = cert_file.read()
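Review bot: Switching to an argv list removes the local shell, but `-n` still takes a comma-separated principal list, so the element `f"{username}"` would yield a certificate valid for several principals if the value ever contained a comma; where `username` is derived and validated is outside this hunk, so this may already be covered. If it is not, a guard before building `command` such as `if not username or ',' in username: return jsonify(description='Invalid username'), 400` keeps the certificate to a single principal. The `force-command` value is later executed by sshd through the account's shell on the target host, so the forbidden-character check just above remains the only guard for `force_command`/`force_opt` and deserves a comment saying so now that the `$` escaping is gone. `-I` still receives `CA_KEY_PATH`, which puts the CA key path rather than the requester into the key ID that sshd logs; `"-I", f"{username}",` would make issued certificates attributable in the audit trail. The added comment has a typo (`prvent`), and `receive()` starts and ends outside the hunk.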