From 1b2b79f2f3027be1a6d9280b5c091f3a18c5be18 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 09:19:00 +0800 Subject: [PATCH 1/1] fix command injection vulnerabilities --- zeus/conf/constant.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/zeus/conf/constant.py b/zeus/conf/constant.py index 1370d6e..167d6c0 100644 --- a/zeus/conf/constant.py +++ b/zeus/conf/constant.py @@ -22,8 +22,8 @@ from vulcanus.conf.constant import BASE_CONFIG_PATH MANAGER_CONFIG_PATH = os.path.join(BASE_CONFIG_PATH, 'zeus.ini') # ceres -CERES_PLUGIN_START = "aops-ceres plugin --start %s" -CERES_PLUGIN_STOP = "aops-ceres plugin --stop %s" +CERES_PLUGIN_START = "aops-ceres plugin --start '%s'" +CERES_PLUGIN_STOP = "aops-ceres plugin --stop '%s'" CERES_COLLECT_ITEMS_CHANGE = "aops-ceres plugin --change-collect-items '%s'" CERES_PLUGIN_INFO = "aops-ceres plugin --info" CERES_APPLICATION_INFO = "aops-ceres collect --application" -- 2.33.0