sanitise job inputs
The webapp developers are terrible at handling untrusted inputs.
Uploaded file names are sanitised since 5cc6b01d, now we need to sanitise the content of the Job.param
The main attack vector comes from poorly implemented entrypoints. They are typically implemented as a shell script and the developers are not cautious about escaping job parameters.
In production we forbid all parameters that are potentially dangerous in a shell script (either because they can be used to inject code or to leak data, e.g. the app source code). Here is what we have in the Rails model:
# job parameters must not contain any special character interpreted by bash
# (because the webapp providers are very bad at preventing shell injections)
# NOTE: / is forbidden too to prevent accessing files outside the current directory
# FIXME: should disallow .. too
validates :param, format: {
  without: /[<>()\[\];`$!|~&\/]/,
  message: 'contains a forbidden symbol: <>()[];`$!|~&/'
}, allow_blank: true
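
The same check as plain Ruby, runnable without Rails, as an added example that is not the project's own code. The function name, the sample parameters and the reading of the FIXME (reject the substring `..` anywhere) are assumptions.

```ruby
# Character class copied from the Rails validation on this page.
FORBIDDEN = /[<>()\[\];`$!|~&\/]/

# Returns the list of reasons a parameter string is rejected (empty = accepted).
def param_errors(param)
  # Mirrors allow_blank: true (nil, empty or whitespace-only is accepted).
  return [] if param.nil? || param.match?(/\A[[:space:]]*\z/)

  errors = []
  found = param.scan(FORBIDDEN).uniq
  errors << "contains a forbidden symbol: #{found.join}" unless found.empty?
  # Assumption: the FIXME is read as "reject the substring '..' anywhere".
  # This is strict: it also rejects harmless values such as "1..5".
  errors << "contains '..'" if param.include?('..')
  errors
end

# Constructed sample parameters, not taken from real jobs.
SAMPLES = [
  '--size 10 input.txt',
  '',
  'input.txt; cat app.rb',
  '$(id)',
  '..',
  '-o ../out.txt'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |p|
    errs = param_errors(p)
    verdict = errs.empty? ? 'accepted' : "rejected: #{errs.join(', ')}"
    puts format('%-26s %s', p.inspect, verdict)
  end
end
```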