Laravel: security considerations when passing URL parameters as command-line script arguments

I am writing a web application that needs to pass some URL parameters as command-line arguments to another script. How should I avoid security problems? I am using Symfony's Process to execute bash commands and Laravel to build the application. Below is some code; please look at buildScreenshotCommand to see how I build the command string, and also note that $urlRequest is populated from Laravel's Request $request class:
```php
<?php
namespace App\Logic;

use App\Logic\TimeHelper;
use App\UrlRequest;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\Process\Exception\ProcessFailedException;
use Symfony\Component\Process\Process;

class Screenshot {

    static function take(UrlRequest $urlRequest)
    {
        $name = self::generateName($urlRequest);
        $command = self::buildScreenshotCommand($name, $urlRequest);

        $startTime = TimeHelper::milliseconds();
        $process = new Process($command); // string command: executed through the shell
        $process->run();
        $endTime = TimeHelper::milliseconds();

        if (!$process->isSuccessful())
        {
            throw new ProcessFailedException($process);
        }

        $output = $process->getOutput();

        if (trim($output) === '')
        {
            $urlRequest->successful = 1;
            $file = self::uploadToS3($name);
            $urlRequest->image_url = $file['url'];
            $urlRequest->file_size = $file['size'];
            $urlRequest->file_name = $name;
            $urlRequest->time_it_took_to_take_screenshot_ms = $endTime - $startTime;

            if ($urlRequest->save())
            {
                return $urlRequest;
            }
        }
        else
        {
            $urlRequest->error = $output;
            $urlRequest->save();
        }

        return false;
    }

    static function uploadToS3($name)
    {
        $name = 'screenshots/' . $name;
        Storage::disk('s3')->put($name, Storage::disk('local')->get($name), ['visibility' => 'public']); // upload to S3
        $fileSize = Storage::disk('local')->size($name);
        Storage::disk('local')->delete($name);

        return [
            'url' => Storage::disk('s3')->url($name),
            'size' => $fileSize
        ];
    }

    static function generateName($urlRequest)
    {
        $name = time() . rand(10000, 99999);
        $extension = '.png';

        if (isset($urlRequest->pdf) AND $urlRequest->pdf == 1)
        {
            $extension = '.pdf';
        }

        // loop until the generated name is not already taken
        while (UrlRequest::where('file_name', '=', $name . $extension)->first())
        {
            $name = time() . rand(10000, 99999);
        }

        return $name . $extension;
    }

    static function buildScreenshotCommand($name, $urlRequest)
    {
        $command = 'cd ' . base_path() . ' && node puppeteer-screenshots-init.js ';
        $command .= "--url={$urlRequest->url} "; // request-supplied value interpolated into the shell string as-is
        $fullPath = storage_path('app') . '/screenshots/' . $name;
        $command .= "--path={$fullPath} ";

        if (isset($urlRequest->pdf))
        {
            $command .= "--pdf=true ";
        }

        if (isset($urlRequest->viewport_width))
        {
            $command .= "--viewportWidth={$urlRequest->viewport_width} ";
        }

        if (isset($urlRequest->mobile))
        {
            $command .= '--mobile=true ';
        }

        if (isset($urlRequest->media_type_print))
        {
            $command .= '--mediaTypePrint=true ';
        }

        if (isset($urlRequest->user_agent))
        {
            $command .= '--userAgent="' . $urlRequest->user_agent . '" '; // request-supplied value, quoted by hand
        }

        $command .= '2>&1 &';

        return $command;
    }
}
```
I think this is a very bad idea. What if `$urlRequest->url` is:

```
// urlencoded
http%3A%2F%2Fgoogle.com%3F%3Brm+-Rf+%2F%3B
http://google.com?;rm -Rf /;
```

What kind of input sanitization are you performing?

None at the moment, only validation. Do you know of a good sanitization package specifically for bash arguments? Also, Symfony's Process escapes arguments to prevent security issues, as described here:

Also, if I try to access the URL you suggested, I get a validation error.

It is dangerous, which is why I am asking here.
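A hardened form of buildScreenshotCommand, added here as an example (not the asker's code or the project's), that follows the point raised in the comments: hand Symfony Process an argument array instead of a shell string, so every value is escaped by Process and no shell ever parses it. It assumes Symfony Process 3.3 or later; the SafeScreenshotCommand class, the assertHttpUrl helper and the $projectDir/$storageDir parameters (base_path() and storage_path('app') in the question) are assumptions for this example.

```php
<?php
// Added example, not the question's code: build the command as an argv array so
// Symfony Process runs it without a shell. Each element reaches the child verbatim,
// so a value like "http://google.com?;rm -Rf /;" is only a literal --url string.
// Assumes Symfony Process >= 3.3 (array constructor) and the question's UrlRequest fields.
use Symfony\Component\Process\Exception\ProcessFailedException;
use Symfony\Component\Process\Process;

final class SafeScreenshotCommand
{
    // Reject anything that is not an absolute http(s) URL before it reaches a process.
    public static function assertHttpUrl(string $url): void
    {
        $p = parse_url($url);
        if ($p === false || !isset($p['scheme'], $p['host'])
            || !in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
            throw new \InvalidArgumentException('Only http/https URLs are allowed');
        }
    }

    /** @return string[] argv-style list; never joined into a shell string */
    public static function build(string $name, object $req, string $storageDir): array
    {
        self::assertHttpUrl($req->url);
        $argv = ['node', 'puppeteer-screenshots-init.js',
                 '--url=' . $req->url,
                 '--path=' . $storageDir . '/screenshots/' . basename($name)];
        if (!empty($req->pdf))              { $argv[] = '--pdf=true'; }
        if (isset($req->viewport_width))    { $argv[] = '--viewportWidth=' . (int) $req->viewport_width; }
        if (!empty($req->mobile))           { $argv[] = '--mobile=true'; }
        if (!empty($req->media_type_print)) { $argv[] = '--mediaTypePrint=true'; }
        if (isset($req->user_agent))        { $argv[] = '--userAgent=' . $req->user_agent; } // no manual quoting
        return $argv;
    }

    // $projectDir replaces the "cd ... &&" prefix; stderr is read separately instead
    // of "2>&1"; no trailing "&", because run() waits (use start()/wait() for async).
    public static function run(string $name, object $req, string $projectDir, string $storageDir): string
    {
        $process = new Process(self::build($name, $req, $storageDir), $projectDir);
        $process->setTimeout(60);
        $process->run();
        if (!$process->isSuccessful()) {
            throw new ProcessFailedException($process);
        }
        return $process->getErrorOutput(); // the original treated any output as an error message
    }
}
```

With the array form, the validation mentioned in the comments fails closed: a URL that is not http(s) throws before any process is created, and a URL that passes validation can still not change what is executed.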