From b85259dcb574fb47b3845b312150fbf6ced544f9 Mon Sep 17 00:00:00 2001
From: Squidly271
Date: Fri, 28 Sep 2018 09:17:37 -0400
Subject: [PATCH] Revert docker run Security

While I think this was a decent idea, in actual practice there are too many possibilities / permutations of quoting etc that can potentially result in a false positive and prevent the user from executing their container. Net result is that the security routine would have to be continually updated as more legit usages com to light. Since the whole point of the original change was to prevent repository maintainers from maliciously executing arbitrary commands in the docker run and not to impact end-users at all, this will have to be purely enforced on CA's end instead.
---
 .../include/Helpers.php | 20 +------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/plugins/dynamix.docker.manager/include/Helpers.php b/plugins/dynamix.docker.manager/include/Helpers.php
index 4de9374c1..b799b120b 100644
--- a/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/plugins/dynamix.docker.manager/include/Helpers.php
@@ -436,9 +436,6 @@ function pullImage($name, $image, $echo=true) {
 }
 
 function execCommand($command, $echo=true) {
- if ( dockerRunSecurity($command) ) {
- $command = "logger 'docker command execution halted due to security violation (Bash command execution or redirection)'";
- }
 // $command should have all its args already properly run through 'escapeshellarg'
 $descriptorspec = [
 0 => ['pipe', 'r'], // stdin is a pipe that the child will read from
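Review bot: With the `dockerRunSecurity()` call removed from the top of `execCommand()`, the only safeguard left in this hunk is the comment that `$command` should already have its args run through `escapeshellarg`, so the function now trusts every caller and this contract is only stated informally. The commit message moves enforcement to CA's end, which presumably leaves any template that reaches this function by another route unchecked here. I would turn the one-line comment into a docblock on `execCommand()` stating that no validation happens in this function and that callers own the escaping, for example `// SECURITY: $command is run as given; callers must escapeshellarg() every template-derived value`. The body of `execCommand()` continues outside this hunk, so how the command is actually launched is not visible from here.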
@@ -469,21 +466,6 @@ function execCommand($command, $echo=true) { return $retval===0; } -function dockerRunSecurity($command) { - $testCommand = htmlspecialchars_decode($command); - $testCommand = str_replace("\'","",$testCommand); - $cmdSplit = explode("'",$testCommand); - for ($i=0; $i","&&"] as $invalidChars ) { - if ( strpos($tstCommand,$invalidChars) ) { - return true; - } - } - return false; -} - function getXmlVal($xml, $element, $attr=null, $pos=0) { $xml = (is_file($xml)) ? simplexml_load_file($xml) : simplexml_load_string($xml); $element = $xml->xpath("//$element")[$pos]; @@ -524,4 +506,4 @@ function getAllocations() { } return $ports; } -?> \ No newline at end of file +?>