CTOR-1649-plugin-apps-nmap-cli-need-to-secure-the-execution-of-commands (#5596)

src/apps/nmap/cli/mode/discovery.pm

@@ -115,8 +115,9 @@ sub run {
     my ($stdout) = $options{custom}->execute_command(
         command => 'nmap',
         command_options => $self->{option_results}->{nmap_options},
-        command_options_suffix => $self->{option_results}->{subnet} . ' 2> /dev/null',
+        command_options_suffix => $self->{option_results}->{subnet},
-        timeout => 120
+        timeout => 120,
+        no_shell_interpretation => 1
     );
 
     my $results = $self->decode_xml_response(

src/centreon/plugins/misc.pm

@@ -177,9 +177,20 @@ sub unix_execute {
     } else {
         $cmd = 'sudo ' if (defined($options{sudo}));
         $cmd .= $options{command_path} . '/' if (defined($options{command_path}));
-        $cmd .= $options{command} . ' ' if (defined($options{command}));
+        $cmd .= $options{command} if (defined($options{command}));
-        $cmd .= $options{command_options} if (defined($options{command_options}));
+        $cmd .= ' ' . $options{command_options} if (defined($options{command_options}));
 
+        if (defined($options{no_shell_interpretation}) and $options{no_shell_interpretation} ne '') {
+            my @args = split(' ',$cmd);
+            ($lerror, $stdout, $exit_code) = backtick(
+                command         => $args[0],
+                arguments       => [@args[1.. $#args]],
+                timeout         => $options{options}->{timeout},
+                wait_exit       => $wait_exit,
+                redirect_stderr => $redirect_stderr
+            );
+        }
+        else {
             ($lerror, $stdout, $exit_code) = backtick(
                 command         => $cmd,
                 timeout         => $options{options}->{timeout},
@@ -187,6 +198,7 @@ sub unix_execute {
                 redirect_stderr => $redirect_stderr
             );
         }
+    }
 
     if (defined($options{options}->{show_output}) && 
         ($options{options}->{show_output} eq '' || (defined($options{label}) && $options{label} eq $options{options}->{show_output}))) {
@@ -863,6 +875,15 @@ Executes a command on Unix and returns the output.
 
 =item * C<timeout> - Timeout for the command execution.
 
+=item * C<wait_exit> - bool.
+
+=item * C<redirect_stderr> - bool.
+
+=item * C<sudo> - bool prepend sudo to the command executed.
+
+=item * C<no_shell_interpretation> - bool don't use sh interpolation on command executed
+
+
 =back
 
 =back

src/centreon/plugins/script_custom/cli.pm

@@ -129,7 +129,8 @@ sub execute_command {
             command => defined($self->{option_results}->{command}) && $self->{option_results}->{command} ne '' ? $self->{option_results}->{command} : $options{command},
             command_path => defined($self->{option_results}->{command_path}) && $self->{option_results}->{command_path} ne '' ? $self->{option_results}->{command_path} : $options{command_path},
             command_options => $command_options,
-            no_quit => $options{no_quit}
+            no_quit => $options{no_quit},
+            no_shell_interpretation => $options{no_shell_interpretation}
         );
     }