databricks-sdk-go

fix: prevent command injection vulnerabilities in subprocess calls

Open dbubel opened this issue 10 months ago • 2 comments

Directly incorporating external or user-defined input into an OS command exposes the system to possible command injection attacks. This vulnerability allows attackers to execute unauthorized commands on the operating system, potentially leading to a compromise of system integrity.

dbubel, Mar 25 '25 17:03
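The risk described above, shown in Go as an added example (this is not code from this PR or from databricks-sdk-go): the same input is passed through a shell string, as a single argv element, and through an allowlist check. The function names, the allowlist pattern and the sample value are assumptions made for illustration, and the block expects a POSIX `sh` and `printf` on the PATH.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// Constructed sample input: a value carrying a shell metacharacter.
const sample = "build-42; echo INJECTED"

// viaShell splices input into a string that sh parses, so ';' ends the
// intended command and starts a second one.
func viaShell(label string) (string, error) {
	out, err := exec.Command("sh", "-c", "printf '%s\\n' "+label).Output()
	return strings.TrimSpace(string(out)), err
}

// viaArgv hands input to the program as one argv element. No shell runs,
// so metacharacters stay literal data.
func viaArgv(label string) (string, error) {
	out, err := exec.Command("printf", "%s\n", label).Output()
	return strings.TrimSpace(string(out)), err
}

// labelRe is an assumed allowlist for this example: it must start with an
// alphanumeric character, which also rejects option-like values ("-n").
var labelRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

// checked validates before executing, on top of argv passing.
func checked(label string) (string, error) {
	if !labelRe.MatchString(label) {
		return "", errors.New("label rejected by allowlist")
	}
	return viaArgv(label)
}

func main() {
	a, _ := viaShell(sample)
	b, _ := viaArgv(sample)
	_, err := checked(sample)
	fmt.Printf("shell:   %q\nargv:    %q\nchecked: %v\n", a, b, err)
}
```

Passing arguments as a vector removes shell parsing but not option parsing by the target program, which is why the allowlist is applied as well.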

Please ensure that the NEXT_CHANGELOG.md file is updated with any relevant changes. If this is not necessary for your PR, please include the following in your PR description: NO_CHANGELOG=true and rerun the job.

github-actions[bot], Mar 25 '25 17:03

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger: go/deco-tests-run/sdk-go

Inputs:

  • PR number: 1194
  • Commit SHA: 63e8c71442193094081ba8ef5803c1a2e2c57818

Checks will be approved automatically on success.

github-actions[bot], Mar 28 '25 02:03