Commit
After analyzing the existing code, it should be noted that sanitization measures have been made in the edge-orchestration:

1. analysis for a command injection using an escape sequence
2. filtering commands that are on the blacklist
3. only those commands that are previously described in the configuration file (ex. ls_srv.conf) can be executed

Strengthening against attacks of this kind can be:

1. Using the integrity check and digital signature of the configuration file.
2. Applying Linux Kernel protection modules.

All attempts to eliminate the security alert by changing the source code were unsuccessful. The elimination requires hard-coding the string literals of the commands to be used, but this greatly limits the flexibility of the edge-orchestration and doesn't add a significant increase in security. Therefore, I propose to mark this alert as a false positive.

Fixes #298

Signed-off-by: Taras Drozdovskyi <t.drozdovsky@samsung.com>