srowen commented on code in PR #48941:
URL: https://github.com/apache/spark/pull/48941#discussion_r1865066346
##########
launcher/src/test/java/org/apache/spark/launcher/SparkSubmitCommandBuilderSuite.java:
##########
@@ -444,7 +482,7 @@ private SparkSubmitCommandBuilder
newCommandBuilder(List<String> args) {
return builder;
}
- private List<String> buildCommand(List<String> args, Map<String, String>
env) throws Exception {
+ private List<String> buildCommand(List<String> args, Map<String, String>
env) throws Exception {
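Review bot: the removed and added lines of this hunk are textually identical in the visible diff, so the only difference can be whitespace or line-wrapping on the `buildCommand` signature in the test suite; a no-op change to a test helper adds review noise to a security fix and should be dropped so the diff contains only the sanitization change.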
Review Comment:
Very small nit, remove this change
##########
launcher/src/main/java/org/apache/spark/launcher/SparkSubmitCommandBuilder.java:
##########
@@ -339,6 +344,24 @@ private void checkJavaOptions(String javaOptions) {
}
}
+ /**
+ * Sanitizes the configuration value to prevent command injection
vulnerabilities.
+ * Removes shell metacharacters that could be used to manipulate shell
commands.
+ *
+ * References:
+ * - OWASP Command Injection Prevention Cheat Sheet
+ *
(https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html)
+ */
+ private String sanitizeExtraJavaOptions(String value) {
+ if (value != null) {
+ String[] unsafeChars = {"`", "$(", ")", "&", "|", "<", ";", ">", "*",
"?"};
+ for (String unsafeChar : unsafeChars) {
+ value = value.replace(unsafeChar, "");
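Review bot: silently deleting characters from a user-supplied value is the weaker half of the OWASP guidance the Javadoc cites, which prefers rejecting input that fails an allowlist over rewriting it with a denylist. Three concrete problems in the visible lines: the `unsafeChars` array strips `)` but not `(`, strips `$(` but not a bare `$` (so `${...}` expansion survives), and handles neither quotes nor newlines; a single `value.replace(unsafeChar, "")` pass can leave the stripped token behind when the input contains overlapping copies (removing `$(` from `$$((` yields `$(`), so removal would have to loop to a fixed point; and `*` and `?` are legitimate in some JVM option values, so stripping them changes the meaning of a valid configuration without telling the user. Suggested change: validate with one allowlist regex and throw `IllegalArgumentException` with the offending key on mismatch, for example `if (!value.matches("[A-Za-z0-9._:=/,+@%\\- ]*")) { throw new IllegalArgumentException(...); }`, and document in the Javadoc that the value is rejected rather than altered.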
Review Comment:
Just do this with a regex?
##########
launcher/src/main/java/org/apache/spark/launcher/SparkSubmitCommandBuilder.java:
##########
@@ -212,8 +212,13 @@ List<String> buildSparkSubmitArgs() {
}
for (Map.Entry<String, String> e : conf.entrySet()) {
+ String key = e.getKey();
+ String value = e.getValue();
+ if ("spark.executor.extraJavaOptions".equals(key)) {
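Review bot: the check compares `key` against the single literal `spark.executor.extraJavaOptions`, but the same `conf` loop carries every option that ends up on a JVM command line, including `spark.driver.extraJavaOptions` and the `spark.driver.defaultJavaOptions` / `spark.executor.defaultJavaOptions` pair, so a hard-coded `equals` leaves those paths unchecked. Suggest replacing the literal with a `Set<String>` of the affected keys (or `key.endsWith("JavaOptions")`) defined once as a constant, and adding a test in `SparkSubmitCommandBuilderSuite` for each key so the coverage is explicit rather than implied by the one-key branch.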
Review Comment:
spark.driver.extraJavaOptions too, I'd imagine
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.