fix: Phase 3 — command injection, unwrap/expect panics, unsigned image acceptance
- VPN key gen: replaced sh -c with format string (command injection) with
safe stdin piping to wg pubkey
- Secrets manager: replaced .unwrap() on path.parent() with proper error
- Tor proxy: replaced .expect("valid proxy") with continue on error
- Image verifier: added require_signatures flag, strict mode rejects
unsigned images and missing cosign binary
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -522,7 +522,11 @@ async fn notify_federation_peers_address_change(
|
||||
});
|
||||
let url = format!("http://{}/rpc/v1", &peer.onion);
|
||||
let client = match reqwest::Client::builder()
|
||||
.proxy(reqwest::Proxy::all(format!("socks5h://{}", proxy)).unwrap_or_else(|_| reqwest::Proxy::all("socks5h://127.0.0.1:9050").expect("valid proxy")))
|
||||
.proxy(match reqwest::Proxy::all(format!("socks5h://{}", proxy))
|
||||
.or_else(|_| reqwest::Proxy::all("socks5h://127.0.0.1:9050")) {
|
||||
Ok(p) => p,
|
||||
Err(_) => continue,
|
||||
})
|
||||
.timeout(std::time::Duration::from_secs(30))
|
||||
.build()
|
||||
{
|
||||
|
||||
@@ -121,30 +121,29 @@ pub async fn generate_wireguard_keypair() -> Result<(String, String)> {
|
||||
.trim()
|
||||
.to_string();
|
||||
|
||||
let _pubkey_output = tokio::process::Command::new("wg")
|
||||
let mut child = tokio::process::Command::new("wg")
|
||||
.arg("pubkey")
|
||||
.stdin(std::process::Stdio::piped())
|
||||
.stdout(std::process::Stdio::piped())
|
||||
.stderr(std::process::Stdio::piped())
|
||||
.spawn()
|
||||
.context("Failed to spawn wg pubkey")?;
|
||||
|
||||
// Use echo + pipe approach instead
|
||||
let pubkey_output = tokio::process::Command::new("sh")
|
||||
.arg("-c")
|
||||
.arg(format!("echo '{}' | wg pubkey", private_key))
|
||||
.output()
|
||||
.await
|
||||
.context("Failed to derive public key")?;
|
||||
|
||||
if !pubkey_output.status.success() {
|
||||
anyhow::bail!(
|
||||
"wg pubkey failed: {}",
|
||||
String::from_utf8_lossy(&pubkey_output.stderr)
|
||||
);
|
||||
if let Some(mut stdin) = child.stdin.take() {
|
||||
use tokio::io::AsyncWriteExt;
|
||||
stdin.write_all(private_key.as_bytes()).await
|
||||
.context("Failed to write private key to wg stdin")?;
|
||||
}
|
||||
|
||||
let public_key = String::from_utf8(pubkey_output.stdout)
|
||||
.context("Invalid UTF-8 from wg pubkey")?
|
||||
let output = child.wait_with_output().await
|
||||
.context("wg pubkey process failed")?;
|
||||
|
||||
if !output.status.success() {
|
||||
anyhow::bail!("wg pubkey failed: {}", String::from_utf8_lossy(&output.stderr));
|
||||
}
|
||||
|
||||
let public_key = String::from_utf8(output.stdout)
|
||||
.context("wg pubkey output is not valid UTF-8")?
|
||||
.trim()
|
||||
.to_string();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user