ECL PIPE() function should be locked down

Description

By default, PIPE() is allowed to execute any command. This should, instead, be limited by default. Options include:

  • Default the allowed commands to 'none' instead of 'any'.

  • Allow only signed code to execute PIPE() if 'any' command is allowed.

Conclusion

None

Activity

Jacob Cobbett-Smith April 6, 2023 at 9:06 AM

NB: the way that this was noticed was that in a containerized managed to use kubectl via PIPE to interact with k8s/pods!

Fixed
Details

Created April 4, 2023 at 2:52 PM
Updated July 12, 2023 at 11:19 AM
Resolved May 17, 2023 at 3:30 PM