acepanel/panel
2
0
Fork 0
mirror of https://github.com/acepanel/panel.git synced 2026-02-04 10:17:17 +08:00
Code Issues Packages Releases Activity

fix: 加回旧版的arg检查

Browse Source
This commit is contained in:
耗子
2024-10-23 22:51:18 +08:00
parent 3c8f606d45
commit 9db30ac11b
1 changed files with 35 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
pkg/shell/exec.go
View File

@@ -8,15 +8,19 @@ import (
"io"
"os"
"os/exec"
"slices"
"strings"
"time"
)
// Execf 执行 shell 命令
func Execf(shell string, args ...any) (string, error) {
var cmd *exec.Cmd
if !preCheckArg(args) {
return "", errors.New("command contains illegal characters")
}
_ = os.Setenv("LC_ALL", "C")
cmd = exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
cmd := exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout
@@ -32,9 +36,12 @@ func Execf(shell string, args ...any) (string, error) {
// ExecfAsync 异步执行 shell 命令
func ExecfAsync(shell string, args ...any) error {
var cmd *exec.Cmd
if !preCheckArg(args) {
return errors.New("command contains illegal characters")
}
_ = os.Setenv("LC_ALL", "C")
cmd = exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
cmd := exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
err := cmd.Start()
if err != nil {
@@ -52,9 +59,12 @@ func ExecfAsync(shell string, args ...any) error {
// ExecfWithTimeout 执行 shell 命令并设置超时时间
func ExecfWithTimeout(timeout time.Duration, shell string, args ...any) (string, error) {
var cmd *exec.Cmd
if !preCheckArg(args) {
return "", errors.New("command contains illegal characters")
}
_ = os.Setenv("LC_ALL", "C")
cmd = exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
cmd := exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout
@@ -85,6 +95,10 @@ func ExecfWithTimeout(timeout time.Duration, shell string, args ...any) (string,
// ExecfWithOutput 执行 shell 命令并输出到终端
func ExecfWithOutput(shell string, args ...any) error {
if !preCheckArg(args) {
return errors.New("command contains illegal characters")
}
_ = os.Setenv("LC_ALL", "C")
cmd := exec.Command("bash", "-c", fmt.Sprintf(shell, args...))
cmd.Stdout = os.Stdout
@@ -95,8 +109,11 @@ func ExecfWithOutput(shell string, args ...any) error {
// ExecfWithPipe 执行 shell 命令并返回管道
func ExecfWithPipe(ctx context.Context, shell string, args ...any) (out io.ReadCloser, err error) {
_ = os.Setenv("LC_ALL", "C")
if !preCheckArg(args) {
return nil, errors.New("command contains illegal characters")
}
_ = os.Setenv("LC_ALL", "C")
cmd := exec.CommandContext(ctx, "bash", "-c", fmt.Sprintf(shell, args...))
out, err = cmd.StdoutPipe()
@@ -108,3 +125,14 @@ func ExecfWithPipe(ctx context.Context, shell string, args ...any) (out io.ReadC
err = cmd.Start()
return
}
func preCheckArg(args []any) bool {
illegals := []any{`&`, `|`, `;`, `$`, `'`, `"`, "`", `(`, `)`, "\n", "\r", `>`, `<`}
for arg := range slices.Values(args) {
if slices.Contains(illegals, arg) {
return false
}
}
return true
}