Description
Background
ModuleManager currently executes installCommand, startCommand, stopCommand, restartCommand, and uninstallCommand from ModuleConfig without any validation. isModuleConfigValid() only performs null checks (line 160-193), leaving no defense against malicious command payloads distributed via the Manager.
Affected Code:
inlong-agent/agent-installer/.../ModuleManager.java:489,496,510,517,524 (command execution)
inlong-agent/agent-installer/.../ModuleManager.java:160-193 (validation)
Proposed Fix
Implement a command whitelist (allowlist) on the Agent side so that only pre-approved commands or patterns can be executed, regardless of what the Manager distributes.
Acceptance Criteria
InLong Component
InLong Agent
Are you willing to submit PR?
Code of Conduct
Description
Background
ModuleManagercurrently executesinstallCommand,startCommand,stopCommand,restartCommand, anduninstallCommandfrom ModuleConfig without any validation.isModuleConfigValid()only performs null checks (line 160-193), leaving no defense against malicious command payloads distributed via the Manager.Affected Code:
inlong-agent/agent-installer/.../ModuleManager.java:489,496,510,517,524(command execution)inlong-agent/agent-installer/.../ModuleManager.java:160-193(validation)Proposed Fix
Implement a command whitelist (allowlist) on the Agent side so that only pre-approved commands or patterns can be executed, regardless of what the Manager distributes.
Acceptance Criteria
InLong Component
InLong Agent
Are you willing to submit PR?
Code of Conduct