spiritxishi opened a new issue, #12149:
URL: https://github.com/apache/inlong/issues/12149

   ### Description
   
   ### Background
   `ModuleManager` currently executes `installCommand`, `startCommand`, 
`stopCommand`, `restartCommand`, and `uninstallCommand` from ModuleConfig 
without any validation. `isModuleConfigValid()` only performs null checks (line 
160-193), leaving no defense against malicious command payloads distributed via 
the Manager.
   
   **Affected Code:**
   - `inlong-agent/agent-installer/.../ModuleManager.java:489,496,510,517,524` 
(command execution)
   - `inlong-agent/agent-installer/.../ModuleManager.java:160-193` (validation)
   
   ### Proposed Fix
   Implement a command whitelist (allowlist) on the Agent side so that only 
pre-approved commands or patterns can be executed, regardless of what the 
Manager distributes.
   
   ### Acceptance Criteria
   - [ ] Define a configurable whitelist of allowed commands/patterns
   - [ ] Validate all 5 command fields against the whitelist before execution
   - [ ] Reject and log any command not matching the whitelist
   - [ ] Provide clear documentation on how to extend the whitelist
   
   
   ### InLong Component
   
   InLong Agent
   
   ### Are you willing to submit PR?
   
   - [x] Yes, I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [x] I agree to follow this project's [Code of 
Conduct](https://www.apache.org/foundation/policies/conduct)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to