pub struct ShellCommandLimitedDoubleQuotesSanitizer {
template: String,
string_to_echo: String,
string_to_execute: String,
}Expand description
Shell command builder with simple but limited sanitizer
The limited sanitization will panic if the value contains double quotes. Command injections attack is possible because the shell command mixes executable code and data in a single string. The attacker could format the “user input” data in a way that it transforms it into “executable code”. A true sanitization is hard to do in software. It would mean to understand all the intricacies of bash syntax?! Another solution is to create a complex object model to have every command and data separated. Too complicated and developer unfriendly. Instead here we take that the developer is a trusted person and he knows how to create the template correctly, so that the placeholders are always de-facto delimited with double-quote inside the shell command. This avoids the problem of injection of any other symbol except double-quotes. The injection of double quote would finish the double-quote data and open the door tho write executable code. It would be very complicated to check if “escaped double quotes” are or not correct in the context of the template. So I don’t allow them at all. This covers the vast majority of simple use cases. Placeholders are delimited with curly brackets. Shell command builder with simple but limited sanitizer
The limited sanitization will panic if the value contains double quotes. Command injections attack is possible because the shell command mixes executable code and data in a single string. The attacker could format the “user input” data in a way that it transforms it into “executable code”. A true sanitization is hard to do in software. It would mean to understand all the intricacies of bash syntax?! Another solution is to create a complex object model to have every command and data separated. Too complicated and developer unfriendly. Instead here we take that the developer is a trusted person and he knows how to create the template correctly, so that the placeholders are always de-facto delimited with double-quote inside the shell command. This avoids the problem of injection of any other symbol except double-quotes. The injection of double quote would finish the double-quote data and open the door tho write executable code. It would be very complicated to check if “escaped double quotes” are or not correct in the context of the template. So I don’t allow them at all. This covers the vast majority of simple use cases. Placeholders are delimited with curly brackets.
Fields§
§template: String§string_to_echo:
String§string_to_execute: String
Trait Implementations§
impl ShellCommandLimitedDoubleQuotesSanitizerTrait for ShellCommandLimitedDoubleQuotesSanitizer
fn new(template: &str) -> ResultWithLibError<Self>
Template for the shell command with placeholders
The limited sanitization will panic if the value contains double quotes. Placeholders are delimited with curly brackets. The developer must be super careful to write the template correctly. The placeholders must be inside a block delimited with double quotes. In a way that only an injection of a double quote can cause problems. There is no software check of the correctness of the template.
fn arg( &mut self, placeholder: &str, value: &str ) -> ResultWithLibError<&mut Self>
Replace placeholders with the value
The limited sanitization will panic if the value contains double quotes. Enter the placeholder parameter delimited with curly brackets. It would be very complicated to check if “escaped double quotes” are or not correct in the context of the template. So I don’t allow them at all. This covers the vast majority of simple use cases.
fn arg_secret( &mut self, placeholder: &str, value: &SecretString ) -> ResultWithLibError<&mut Self>
Just like arg(), but for secrets that must be not echoed on the screen
fn run(&self) -> ResultWithLibError<()>
Run the sanitized command with no additional checks