HappyTanuki/BumbleCee
1
0
Fork 0
mirror of https://github.com/HappyTanuki/BumbleCee.git synced 2025-10-26 01:45:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

아마도? 쉘 인젝션 취약점 픽스

Browse Source
This commit is contained in:
HappyTanuki
2025-03-07 17:19:58 +09:00
parent 5760f1afdc
commit 77d16c1cdb
14 changed files with 2849 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
include/Utils/ConsoleUtils.hpp
View File

@@ -2,6 +2,8 @@
#include <iostream>
#include <sstream>
#include <queue>
#include <regex>
#include <boost/process.hpp>
namespace bumbleBee {
class ConsoleUtils {
@@ -9,28 +11,36 @@ public:
/**
* @brief 명령어를 쉘에서 실행하고 결과를 EOF 전까지 읽어 \n을 구분자로 토큰화하여 반환합니다
* @param cmd 실행할 명령
* @param args 아규먼트
* @return std::queue<std::string> tokens
*/
static std::queue<std::string> getResultFromCommand(std::string cmd) {
std::string result, token;
static std::queue<std::string> safe_execute_command(const std::string& cmd, const std::vector<std::string>& args) {
std::queue<std::string> tokens;
FILE* stream;
const int maxBuffer = 12; // 적당한 크기
char buffer[maxBuffer];
cmd.append(" 2>&1"); // 표준에러를 표준출력으로 redirect
try {
boost::process::ipstream output; // 명령의 출력을 받을 스트림
boost::process::child c(cmd, boost::process::args(args), boost::process::std_out > output);
stream = popen(cmd.c_str(), "r"); // 주어진 command를 shell로 실행하고 파이프 연결 (fd 반환)
if (stream) {
while (fgets(buffer, maxBuffer, stream) != NULL) result.append(buffer); // fgets: fd (stream)를 길이 (maxBuffer)만큼 읽어 버퍼 (buffer)에 저장
pclose(stream);
}
std::string line;
while (!output.eof() && std::getline(output, line))
tokens.push(line);
std::stringstream ss(result);
while (std::getline(ss, token, '\n')) {
tokens.push(token);
c.wait(); // 프로세스가 종료될 때까지 대기
return tokens;
} catch (const std::exception& e) {
return tokens;
}
}
/**
* @brief 명령어를 쉘에서 실행하고 결과를 파이프로 연결하여 반환합니다
* @param cmd 실행할 명령
* @param args 아규먼트
* @return FILE* fd
*/
static FILE* safe_open_pipe(const std::string& cmd, const std::vector<std::string>& args) {
boost::process::pipe pipe;
boost::process::child c(cmd, boost::process::args(args), boost::process::std_out > pipe);
return tokens;
return fdopen(pipe.native_source(), "r");
}
};
}

8
include/Utils/VersionsCheckUtils.hpp
View File

@@ -7,7 +7,7 @@ namespace bumbleBee {
class VersionsCheckUtils {
public:
static bool isThereCMD(std::shared_ptr<dpp::cluster> cluster, std::string cmd) {
if (ConsoleUtils::getResultFromCommand("which " + cmd).size() == 0) {
if (ConsoleUtils::safe_execute_command("which", {cmd}).size() == 0) {
cluster->log(dpp::ll_error, cmd + " is unavaliable. unresolable error please install " + cmd);
return false;
}
@@ -16,7 +16,7 @@ public:
}
static void validateFFMPEG(std::shared_ptr<dpp::cluster> cluster) {
std::queue<std::string> result = ConsoleUtils::getResultFromCommand(SettingsManager::getFFMPEG_CMD() + " -version");
std::queue<std::string> result = ConsoleUtils::safe_execute_command(SettingsManager::getFFMPEG_CMD(), {"-version"});
std::string front = result.front();
if (front[0] != 'f' ||
front[1] != 'f' ||
@@ -43,7 +43,7 @@ public:
}
static void validateYTDLP(std::shared_ptr<dpp::cluster> cluster) {
std::queue<std::string> result = ConsoleUtils::getResultFromCommand(SettingsManager::getYTDLP_CMD() + " --version");
std::queue<std::string> result = ConsoleUtils::safe_execute_command(SettingsManager::getYTDLP_CMD(), {"--version"});
std::string front = result.front();
if ((front[0]-'0' < 0 || front[0]-'0' > 9) ||
(front[1]-'0' < 0 || front[1]-'0' > 9) ||
@@ -72,7 +72,7 @@ public:
static void updateytdlp(std::shared_ptr<dpp::cluster> cluster) {
cluster->log(dpp::ll_info, "Checking if yt-dlp update is available...");
std::queue<std::string> result = ConsoleUtils::getResultFromCommand("./yt-dlp -U");
std::queue<std::string> result = ConsoleUtils::safe_execute_command("./yt-dlp", {"-U"});
while(!result.empty()) {
std::string front = result.front();
result.pop();