Open corysabol opened 4 years ago
The katana command module doesn't seem to handle shell expansions very well. In the case of trying to use it to install kubectl with the following command:
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
It fails to fetch the file and instead resolved the subshell command as part of the URL.
Example yaml:
- name: Download kubectl bin command: cwd: /usr/bin cmd: curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
It might make sense to add the ability to pass shell=True to the subprocess.run() call in found here - https://github.com/SamuraiWTF/samuraiwtf/blob/fbab9173d614d38ece21fcf3b63c6225dace58cc/katana/plugins/Command.py#L19
shell=True
subprocess.run()
The katana command module doesn't seem to handle shell expansions very well. In the case of trying to use it to install kubectl with the following command:
It fails to fetch the file and instead resolved the subshell command as part of the URL.
Example yaml:
It might make sense to add the ability to pass
shell=Trueto thesubprocess.run()call in found here - https://github.com/SamuraiWTF/samuraiwtf/blob/fbab9173d614d38ece21fcf3b63c6225dace58cc/katana/plugins/Command.py#L19