CTOR-1649-plugin-apps-nmap-cli-need-to-secure-the-execution-of-commands (#5596)

2025-07-27 07:34:35 +02:00 · 2025-05-26 09:29:18 +02:00 · 2025-05-26 09:29:18 +02:00 · 265331c48d
commit 265331c48d
parent c674f133d6
3 changed files with 34 additions and 11 deletions
--- a/src/apps/nmap/cli/mode/discovery.pm
+++ b/src/apps/nmap/cli/mode/discovery.pm
@ -115,8 +115,9 @@ sub run {
    my ($stdout) = $options{custom}->execute_command(
        command => 'nmap',
        command_options => $self->{option_results}->{nmap_options},
-        command_options_suffix => $self->{option_results}->{subnet} . ' 2> /dev/null',
-        timeout => 120
+        command_options_suffix => $self->{option_results}->{subnet},
+        timeout => 120,
+        no_shell_interpretation => 1
    );

    my $results = $self->decode_xml_response(
--- a/src/centreon/plugins/misc.pm
+++ b/src/centreon/plugins/misc.pm
@ -177,15 +177,27 @@ sub unix_execute {
    } else {
        $cmd = 'sudo ' if (defined($options{sudo}));
        $cmd .= $options{command_path} . '/' if (defined($options{command_path}));
-        $cmd .= $options{command} . ' ' if (defined($options{command}));
-        $cmd .= $options{command_options} if (defined($options{command_options}));
+        $cmd .= $options{command} if (defined($options{command}));
+        $cmd .= ' ' . $options{command_options} if (defined($options{command_options}));

-        ($lerror, $stdout, $exit_code) = backtick(
-            command => $cmd,
-            timeout => $options{options}->{timeout},
-            wait_exit => $wait_exit,
-            redirect_stderr => $redirect_stderr
-        );
+        if (defined($options{no_shell_interpretation}) and $options{no_shell_interpretation} ne '') {
+            my @args = split(' ',$cmd);
+            ($lerror, $stdout, $exit_code) = backtick(
+                command         => $args[0],
+                arguments       => [@args[1.. $#args]],
+                timeout         => $options{options}->{timeout},
+                wait_exit       => $wait_exit,
+                redirect_stderr => $redirect_stderr
+            );
+        }
+        else {
+            ($lerror, $stdout, $exit_code) = backtick(
+                command         => $cmd,
+                timeout         => $options{options}->{timeout},
+                wait_exit       => $wait_exit,
+                redirect_stderr => $redirect_stderr
+            );
+        }
    }

    if (defined($options{options}->{show_output}) && 
@ -863,6 +875,15 @@ Executes a command on Unix and returns the output.

 =item * C<timeout> - Timeout for the command execution.

+=item * C<wait_exit> - bool.
+
+=item * C<redirect_stderr> - bool.
+
+=item * C<sudo> - bool prepend sudo to the command executed.
+
+=item * C<no_shell_interpretation> - bool don't use sh interpolation on command executed
+
+
 =back

 =back
--- a/src/centreon/plugins/script_custom/cli.pm
+++ b/src/centreon/plugins/script_custom/cli.pm
@ -129,7 +129,8 @@ sub execute_command {
            command => defined($self->{option_results}->{command}) && $self->{option_results}->{command} ne '' ? $self->{option_results}->{command} : $options{command},
            command_path => defined($self->{option_results}->{command_path}) && $self->{option_results}->{command_path} ne '' ? $self->{option_results}->{command_path} : $options{command_path},
            command_options => $command_options,
-            no_quit => $options{no_quit}
+            no_quit => $options{no_quit},
+            no_shell_interpretation => $options{no_shell_interpretation}
        );
    }