From 265331c48dab74cc43f43dc1da570860c4def38c Mon Sep 17 00:00:00 2001
From: Evan-Adam <152897682+Evan-Adam@users.noreply.github.com>
Date: Mon, 26 May 2025 09:29:18 +0200
Subject: [PATCH] CTOR-1649-plugin-apps-nmap-cli-need-to-secure-the-execution-of-commands (#5596)

---
 src/apps/nmap/cli/mode/discovery.pm | 5 +--
 src/centreon/plugins/misc.pm | 37 ++++++++++++++++++-----
 src/centreon/plugins/script_custom/cli.pm | 3 +-
 3 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/src/apps/nmap/cli/mode/discovery.pm b/src/apps/nmap/cli/mode/discovery.pm
index c2383ad38..d91a22562 100644
--- a/src/apps/nmap/cli/mode/discovery.pm
+++ b/src/apps/nmap/cli/mode/discovery.pm
@@ -115,8 +115,9 @@ sub run {
 my ($stdout) = $options{custom}->execute_command(
 command => 'nmap',
 command_options => $self->{option_results}->{nmap_options},
- command_options_suffix => $self->{option_results}->{subnet} . ' 2> /dev/null',
- timeout => 120
+ command_options_suffix => $self->{option_results}->{subnet},
+ timeout => 120,
+ no_shell_interpretation => 1
 );
 
 my $results = $self->decode_xml_response(
diff --git a/src/centreon/plugins/misc.pm b/src/centreon/plugins/misc.pm
index b44cd710c..b6bbe27e6 100644
--- a/src/centreon/plugins/misc.pm
+++ b/src/centreon/plugins/misc.pm
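Review bot: With `no_shell_interpretation => 1` the `subnet` value still reaches nmap after unix_execute splits the assembled command on whitespace, so a value containing spaces is forwarded as several nmap arguments rather than one target; the shell is gone, but nothing visible in this hunk validates the option. Validate `$self->{option_results}->{subnet}` against an anchored pattern for an address, CIDR range or hostname where the mode checks its options, before this call. Dropping `' 2> /dev/null'` also means nmap's stderr is now governed solely by unix_execute's `redirect_stderr`, which is set outside this hunk; confirm that the text handed to `decode_xml_response` cannot pick up stderr output. `run` continues past the end of the hunk.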
@@ -177,15 +177,27 @@ sub unix_execute {
 } else {
 $cmd = 'sudo ' if (defined($options{sudo}));
 $cmd .= $options{command_path} . '/' if (defined($options{command_path}));
- $cmd .= $options{command} . ' ' if (defined($options{command}));
- $cmd .= $options{command_options} if (defined($options{command_options}));
+ $cmd .= $options{command} if (defined($options{command}));
+ $cmd .= ' ' . $options{command_options} if (defined($options{command_options}));
 
- ($lerror, $stdout, $exit_code) = backtick(
- command => $cmd,
- timeout => $options{options}->{timeout},
- wait_exit => $wait_exit,
- redirect_stderr => $redirect_stderr
- );
+ if (defined($options{no_shell_interpretation}) and $options{no_shell_interpretation} ne '') {
+ my @args = split(' ',$cmd);
+ ($lerror, $stdout, $exit_code) = backtick(
+ command => $args[0],
+ arguments => [@args[1.. $#args]],
+ timeout => $options{options}->{timeout},
+ wait_exit => $wait_exit,
+ redirect_stderr => $redirect_stderr
+ );
+ }
+ else {
+ ($lerror, $stdout, $exit_code) = backtick(
+ command => $cmd,
+ timeout => $options{options}->{timeout},
+ wait_exit => $wait_exit,
+ redirect_stderr => $redirect_stderr
+ );
+ }
 }
 
 if (defined($options{options}->{show_output}) &&
@@ -863,6 +875,15 @@ Executes a command on Unix and returns the output.
 
 =item * C - Timeout for the command execution.
 
+=item * C - bool.
+
+=item * C - bool.
+
+=item * C - bool prepend sudo to the command executed.
+
+=item * C - bool don't use sh interpolation on command executed
+
+
 =back
 
 =back
diff --git a/src/centreon/plugins/script_custom/cli.pm b/src/centreon/plugins/script_custom/cli.pm
index 46d2542a7..8ef74e25d 100644
--- a/src/centreon/plugins/script_custom/cli.pm
+++ b/src/centreon/plugins/script_custom/cli.pm
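Review bot: The new guard `defined($options{no_shell_interpretation}) and $options{no_shell_interpretation} ne ''` treats a value of `0` as enabling no-shell mode, although the POD added further down in this file documents the option as a bool; a plain truth test, `if ($options{no_shell_interpretation}) {`, matches the documentation. The `split(' ',$cmd)` on the fully assembled string also discards any quoting in `command_options`, so an option value containing spaces becomes several argv entries, and every token a caller supplies is still handed to the binary as an argument — worth a comment on the split line and validation of those values at the callers. The two `backtick` calls repeat `timeout`/`wait_exit`/`redirect_stderr`; collecting them once reduces the branches to the one line that differs, as below. In the POD hunk, "sh interpolation" reads as a slip for "shell interpretation", the term the option name uses.
```perl
            # … unchanged: $cmd assembly from sudo/command_path/command/command_options …
            my %run_opts = (
                timeout         => $options{options}->{timeout},
                wait_exit       => $wait_exit,
                redirect_stderr => $redirect_stderr
            );
            if ($options{no_shell_interpretation}) {
                # Whitespace split: quoting inside command_options is not honoured;
                # every token becomes one argv entry handed to the binary.
                my ($program, @args) = split(' ', $cmd);
                ($lerror, $stdout, $exit_code) = backtick(command => $program, arguments => \@args, %run_opts);
            }
            else {
                ($lerror, $stdout, $exit_code) = backtick(command => $cmd, %run_opts);
            }
```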
@@ -129,7 +129,8 @@ sub execute_command {
 command => defined($self->{option_results}->{command}) && $self->{option_results}->{command} ne '' ? $self->{option_results}->{command} : $options{command},
 command_path => defined($self->{option_results}->{command_path}) && $self->{option_results}->{command_path} ne '' ? $self->{option_results}->{command_path} : $options{command_path},
 command_options => $command_options,
- no_quit => $options{no_quit}
+ no_quit => $options{no_quit},
+ no_shell_interpretation => $options{no_shell_interpretation}
 );
 }
 
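Review bot: `no_shell_interpretation` is forwarded to unix_execute with no documentation on execute_command, yet it changes the contract for every mode using this generic wrapper: `command_options` (presumably including the user-supplied `--command-options` override assembled into `$command_options` above the hunk) is then split on whitespace and passed as argv, so shell syntax such as redirections or quoted values is no longer interpreted — which is exactly why the nmap mode dropped its `2> /dev/null` suffix in this commit. A comment on the new line would spare the next caller that surprise: `# no_shell_interpretation: argv execution without a shell; command_options must not rely on quoting, pipes or redirections`. `execute_command` starts before the hunk.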