fleet/orbit/changes/14109-app_sso_platform-harden-command-execution at dc4e50ef7b3092de668e728dc5ea0287cd8c8a3b - Elgato_dark/fleet - Forgejo: Beyond coding. We Forge.

Elgato_dark/fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00

Lucas Manuel Rodriguez a44d6b72b3

Harden app_sso_platform command execution (#39397 )

Changes:
- Using `"sh", "-c"` is not necessary anymore beccause we extract the
uid in a previous `id` execution.
- Not assembling strings with `fmt.Sprintf` anymore.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] QA'd all new/changed functionality manually

## fleetd/orbit/Fleet Desktop

- [X] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [X] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))

2026-02-05 17:31:10 -03:00

1 line

80 B

Text

Raw Blame History

* Harden app_sso_platform table command execution to prevent command injection.