Skip to content

Commit

Permalink
M293/backport 5852 (#2406)
Browse files Browse the repository at this point in the history 
* set env in ProcessInvoker sanitized (#2280)

* set env in ProcessInvoker sanitized

* Update release notes and runnerversion

---------

Co-authored-by: Stefan Ruvceski <[email protected]>
  • Loading branch information
@fhammerl @ruvceskistefan
fhammerl and ruvceskistefan authored Jan 30, 2023
1 parent a78e6e0 commit d42fd4a
Show file tree
Hide file tree
Showing 4 changed files with 81 additions and 1 deletion.
1 change: 1 addition & 0 deletions releaseNote.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
## Features
## Bugs
- Fixed an issue where container environment variables names or values could escape the docker command (#2108)
- Sanitize Windows ENVs (#2280)

## Misc

Expand Down
10 changes: 10 additions & 0 deletions src/Runner.Sdk/ProcessInvoker.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -264,7 +264,17 @@ public async Task<int> ExecuteAsync(
{
foreach (KeyValuePair<string, string> kvp in environment)
{
#if OS_WINDOWS
string tempKey = String.IsNullOrWhiteSpace(kvp.Key) ? kvp.Key : kvp.Key.Split('\0')[0];
string tempValue = String.IsNullOrWhiteSpace(kvp.Value) ? kvp.Value : kvp.Value.Split('\0')[0];
if(!String.IsNullOrWhiteSpace(tempKey))
{
_proc.StartInfo.Environment[tempKey] = tempValue;
}
#else
_proc.StartInfo.Environment[kvp.Key] = kvp.Value;

#endif
}
}

Expand Down
69 changes: 69 additions & 0 deletions src/Test/L0/ProcessInvokerL0.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,76 @@ public async Task SetCIEnv()
}
}
}
#if OS_WINDOWS
[Fact]
[Trait("Level", "L0")]
[Trait("Category", "Common")]
public async Task SetTestEnvWithNullInKey()
{
using (TestHostContext hc = new(this))
{
Tracing trace = hc.GetTrace();

Int32 exitCode = -1;
var processInvoker = new ProcessInvokerWrapper();
processInvoker.Initialize(hc);
var stdout = new List<string>();
var stderr = new List<string>();
processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) =>
{
trace.Info(e.Data);
stdout.Add(e.Data);
};
processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) =>
{
trace.Info(e.Data);
stderr.Add(e.Data);
};

exitCode = await processInvoker.ExecuteAsync("", "cmd.exe", "/c \"echo %TEST%\"", new Dictionary<string, string>() { { "TEST\0second", "first" } }, CancellationToken.None);


trace.Info("Exit Code: {0}", exitCode);
Assert.Equal(0, exitCode);
Assert.Equal("first", stdout.First(x => !string.IsNullOrWhiteSpace(x)));

}
}

[Fact]
[Trait("Level", "L0")]
[Trait("Category", "Common")]
public async Task SetTestEnvWithNullInValue()
{
using (TestHostContext hc = new(this))
{
Tracing trace = hc.GetTrace();

Int32 exitCode = -1;
var processInvoker = new ProcessInvokerWrapper();
processInvoker.Initialize(hc);
var stdout = new List<string>();
var stderr = new List<string>();
processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) =>
{
trace.Info(e.Data);
stdout.Add(e.Data);
};
processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) =>
{
trace.Info(e.Data);
stderr.Add(e.Data);
};

exitCode = await processInvoker.ExecuteAsync("", "cmd.exe", "/c \"echo %TEST%\"", new Dictionary<string, string>() { { "TEST", "first\0second" } }, CancellationToken.None);

trace.Info("Exit Code: {0}", exitCode);
Assert.Equal(0, exitCode);
Assert.Equal("first", stdout.First(x => !string.IsNullOrWhiteSpace(x)));

}
}
#endif
[Fact]
[Trait("Level", "L0")]
[Trait("Category", "Common")]
Expand Down
2 changes: 1 addition & 1 deletion src/runnerversion
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.293.1
2.293.2

0 comments on commit d42fd4a

Please sign in to comment.