我正在编写一个Web应用程序,我需要将一些url参数作为命令行参数传递给另一个脚本。我应该怎么做才能避免安全问题?我正在使用Sympfony的Process执行bash命令,并使用Laravel来构建应用。
以下是其中一些代码,请查看buildScreenshotCommand以了解我如何构建命令字符串,还请注意,使用Laravel的Request $request类填充了$ urlRequest:
<?php
namespace App\Logic;
use App\Logic\TimeHelper;
use App\UrlRequest;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\Process\Exception\ProcessFailedException;
use Symfony\Component\Process\Process;
class Screenshot {
static function take(UrlRequest $urlRequest)
{
$name = self::generateName($urlRequest);
$command = self::buildScreenshotCommand($name, $urlRequest);
$startTime = TimeHelper::milliseconds();
$process = new Process($command);
$process->run();
$endTime = TimeHelper::milliseconds();
if (!$process->isSuccessful())
{
throw new ProcessFailedException($process);
}
$output = $process->getOutput();
if (trim($output) === '')
{
$urlRequest->successful = 1;
$file = self::uploadToS3($name);
$urlRequest->image_url = $file['url'];
$urlRequest->file_size = $file['size'];
$urlRequest->file_name = $name;
$urlRequest->time_it_took_to_take_screenshot_ms = $endTime - $startTime;
if ($urlRequest->save())
{
return $urlRequest;
}
}
else
{
$urlRequest->error = $output;
$urlRequest->save();
}
return false;
}
static function uploadToS3($name)
{
$name = 'screenshots/' . $name;
Storage::disk('s3')->put($name, Storage::disk('local')->get($name), ['visibility' => 'public']); // upload to S3
$fileSize = Storage::disk('local')->size($name);
Storage::disk('local')->delete($name);
return [
'url' => Storage::disk('s3')->url($name),
'size' => $fileSize
];
}
static function generateName($urlRequest)
{
$name = time() . rand(10000, 99999);
$extension = '.png';
if (isset($urlRequest->pdf) AND $urlRequest->pdf == 1)
{
$extension = '.pdf';
}
while (UrlRequest::where('file_name', '=', $name . $extension)->first())
{
$name = time() . rand(10000, 99999);
}
return $name . $extension;
}
static function buildScreenshotCommand($name, $urlRequest)
{
$command = 'cd ' . base_path() . ' && node puppeteer-screenshots-init.js ';
$command .= "--url={$urlRequest->url} ";
$fullPath = storage_path('app') . '/screenshots/' . $name;
$command .= "--path={$fullPath} ";
if (isset($urlRequest->pdf))
{
$command .= "--pdf=true ";
}
if (isset($urlRequest->viewport_width))
{
$command .= "--viewportWidth={$urlRequest->viewport_width} ";
}
if (isset($urlRequest->mobile))
{
$command .= '--mobile=true ';
}
if (isset($urlRequest->media_type_print))
{
$command .= '--mediaTypePrint=true ';
}
if (isset($urlRequest->user_agent))
{
$command .= '--userAgent="' . $urlRequest->user_agent . '" ';
}
$command .= '2>&1 &';
return $command;
}
}
答案 0 :(得分:1)
我认为这是一个非常糟糕的主意。如果$urlRequest->url是:
// urlencoded
http%3A%2F%2Fgoogle.com%3F%3Brm+-Rf+%2F%3B
http://google.com?;rm -Rf /;
您要进行哪种输入消毒?