spiritxishi opened a new issue, #12149: URL: https://github.com/apache/inlong/issues/12149
### Description ### Background `ModuleManager` currently executes `installCommand`, `startCommand`, `stopCommand`, `restartCommand`, and `uninstallCommand` from ModuleConfig without any validation. `isModuleConfigValid()` only performs null checks (line 160-193), leaving no defense against malicious command payloads distributed via the Manager. **Affected Code:** - `inlong-agent/agent-installer/.../ModuleManager.java:489,496,510,517,524` (command execution) - `inlong-agent/agent-installer/.../ModuleManager.java:160-193` (validation) ### Proposed Fix Implement a command whitelist (allowlist) on the Agent side so that only pre-approved commands or patterns can be executed, regardless of what the Manager distributes. ### Acceptance Criteria - [ ] Define a configurable whitelist of allowed commands/patterns - [ ] Validate all 5 command fields against the whitelist before execution - [ ] Reject and log any command not matching the whitelist - [ ] Provide clear documentation on how to extend the whitelist ### InLong Component InLong Agent ### Are you willing to submit PR? - [x] Yes, I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
