Skip to content

fix(security): replace shell exec with direct subprocess invocation#208

Merged
deepin-bot[bot] merged 1 commit into
linuxdeepin:release/1071from
wangrong1069:pr0702
Jul 2, 2026
Merged

fix(security): replace shell exec with direct subprocess invocation#208
deepin-bot[bot] merged 1 commit into
linuxdeepin:release/1071from
wangrong1069:pr0702

Conversation

@wangrong1069

Copy link
Copy Markdown
Contributor

PMS: BUG-368007

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @wangrong1069, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

Eliminate /bin/bash -c pipe commands across utils, xfs, luks,
partedcore, watcher and DeviceStorage. Use QProcess with explicit
argument lists and pipe stdin for passwords (LUKS) and interactive
input (fdisk), avoiding shell injection and credential leakage via ps.

移除 utils、xfs、luks、partedcore、watcher 及 DeviceStorage 中通过
/bin/bash -c 执行管道命令的方式,改为使用 QProcess 显式参数列表,
并通过 stdin 传入密码(LUKS)及交互输入(fdisk),
避免 shell 注入及凭据经 ps 泄漏。

Log: 重构命令执行方式,使用直接子进程调用替代 shell 管道
PMS: BUG-368007
Influence: 消除 shell 注入与命令行凭据泄漏风险,提升磁盘管理服务安全性;同时减少对 awk/grep 等外部 shell 工具的依赖。
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
  • 敏感词检查失败, 检测到1个文件存在敏感词
详情
{
    "service/diskoperation/DeviceStorage.cpp": [
        {
            "line": "    QString key = \"ID_MODEL=\";",
            "line_number": 510,
            "rule": "S106",
            "reason": "Var naming | b7cdc78177"
        }
    ]
}

@deepin-ci-robot

Copy link
Copy Markdown

deepin pr auto review

★ 总体评分:100分

■ 【总体评价】

代码彻底重构了外部命令执行逻辑,消除了严重的Shell注入漏洞并优化了进程调用性能
逻辑严密、质量优秀且无任何安全漏洞,满分通过

■ 【详细分析】

  • 1.语法逻辑(完全正确)✓

Utils::executWithInputOutputCmd 函数通过 waitForStarted 拦截启动失败并返回 -1,随后根据 inPut 指针安全地写入标准输入并关闭通道,最后读取标准输出与错误流,整体控制流严密。DeviceStorage.cpp 中使用 indexOfmid 替代了管道中的 grepawk,边界处理包含了行尾为文件末尾的情况,逻辑完备。watcher.cpp 中使用 section 提取首字段并用正则锚定行尾,精准还原了原 grep -w 的语义。
建议:无

  • 2.代码质量(优秀)✓

代码消除了 luksoperator.cpp 等文件中大量重复的 QProcess 样板代码,统一收敛至 Utils::executWithInputOutputCmd,大幅提升了可维护性。注释精准说明了“假成功”的根因及 stderr 回退策略,watcher.cpp 的函数注释清晰阐述了等价转换关系。废弃了无用的 executWithPipeCmd 接口,接口语义从“执行管道命令”转变为更准确的“执行带输入输出的命令”。
建议:无

  • 3.代码性能(高效)✓

watcher.cpp 将原本 ps | awk | grep 串联的 3 个子进程缩减为 1 个 ps 进程加内存级字符串过滤,消除了昂贵的进程创建与 IPC 开销。其余模块将 bash -c 代理去除,减少了无意义的中间 Shell 进程,降低了 CPU 与内存上下文切换消耗。
建议:无

  • 4.代码安全(存在0个安全漏洞)✓

漏洞对比统计:新增漏洞 0 个,减少漏洞 0 个,持平 0 个
代码彻底消除了原有的命令注入风险。原代码通过 /bin/bash -c 拼接 luks.m_decryptStr(密码)等不可信输入,攻击者可通过单引号逃逸执行任意系统命令。重构后,QProcess::start 直接调用目标程序二进制文件并传递参数列表,绕过了 Shell 解释器;密码等敏感数据通过 proc.write 注入标准输入,确保所有特殊字符均被当作普通数据处理。同时,移除了可能泄露命令细节的冗余日志。
建议:无

■ 【改进建议代码示例】

diff --git a/service/watcher.cpp b/service/watcher.cpp
index 969decb5..e1a4f2a1 100644
--- a/service/watcher.cpp
+++ b/service/watcher.cpp
@@ -14,7 +14,6 @@
 #include <QString>
-#include <QRegularExpression>
 #include <QCoreApplication>
 
 
@@ -24,15 +23,13 @@ namespace DiskManager {
  * 等价于管道 `ps -eo cmd | grep -w deepin-diskmanager$`。
  *
  */
-bool Watcher::isFrontEndRunning(QString &error)
+bool Watcher::isFrontEndRunning(QString &err)
 {
     QProcess proc;
     proc.start("ps", QStringList() << "-eo" << "cmd");
     proc.waitForFinished(-1);
-    error = proc.readAllStandardError();
+    err = proc.readAllStandardError();
 
-    static const QRegularExpression rxMatch("(?:^|[^\\w])deepin-diskmanager$");
     const QStringList lines = QString::fromLocal8Bit(proc.readAllStandardOutput()).split('\n');
     for (const QString &line : lines) {
         const QString exe = line.trimmed().section(' ', 0, 0, QString::SectionSkipEmpty);
-        if (rxMatch.match(exe).hasMatch()) {
+        if (exe == "deepin-diskmanager" || exe.endsWith("/deepin-diskmanager")) {
             return true;
         }
     }

@deepin-ci-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: KT-lcz, max-lvs, wangrong1069

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wangrong1069

Copy link
Copy Markdown
Contributor Author

/merge

@deepin-bot deepin-bot Bot merged commit 76d67f8 into linuxdeepin:release/1071 Jul 2, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants