fix: build shell commands in a secure way in generic_send.py (!721) · Merge requests · Perun / Perun IdM / perun-services

Created by: zlamalp

Make sure to construct commands as arrays rather than joined strings.
Removed parsing by shlex, since it could introduce shell injection.
Added regex checks on destination based on destination type.
Fixed propagation on "host-windows-proxy" to use actual proxy value instead of destination as host to send data to.
Added regex check on "windows_proxy" value to be "user@host". This might be revisited in the future.
Fixed sed command when propagating date to "host-windows-proxy" destination to actually use destination from input rather than shell variable. Also use destination`s hostname in hostname file.

fix: build shell commands in a secure way in generic_send.py