Summary
The image and container config fields are piped through envsubst without validating the expanded result. If a container environment variable contains shell metacharacters, they are inserted into the generated script unescaped.
Location
entrypoint.sh lines 72, 84
IMAGE=$(echo "${1}" | jq -r .image | envsubst)
CONTAINER=$(echo "${1}" | jq -r .container | envsubst)
Attack Vector
If MALICIOUS_VAR is set in the container environment and a config references it:
{ "image": "${MALICIOUS_VAR}", "schedule": "* * * * *", "command": "test" }
And MALICIOUS_VAR="alpine; rm -rf /tmp", the generated script would expand to include the injected content. While the companion fix (quoting IMAGE in the generated command) reduces immediate exploitability, the underlying unvalidated substitution remains a latent risk for future refactors.
Recommended Fix
Validate the expanded value against an allowlist pattern after substitution:
IMAGE=$(echo "${1}" | jq -r .image | envsubst)
# Allowlist: letters, digits, ':', '/', '_', '.', '-' ('-' is last so it is literal)
if [[ ! "${IMAGE}" =~ ^[a-zA-Z0-9:/_.-]+$ ]]; then
    echo "Error: invalid image name '${IMAGE}'" >&2
    return 1
fi
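The same allowlist applied to both fields named under Location, as an added example that is not the project's own code; it uses a POSIX `case` pattern in place of the `[[ =~ ]]` test. The function names `is_safe_ref` and `expand_field` and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate config fields after envsubst expansion.
# Function names and sample values are constructed for illustration.

# Use the C locale so ranges like a-z cover ASCII letters only.
LC_ALL=C
export LC_ALL

# Return 0 only if the value is non-empty and consists solely of
# characters from the allowlist [a-zA-Z0-9:/_.-].
is_safe_ref() {
    case "$1" in
        '' | *[!a-zA-Z0-9:/_.-]*) return 1 ;;
    esac
    return 0
}

# Expand one config field (image or container) and validate the result.
# $1 = JSON config, $2 = field name. Prints the expanded value on
# success; prints an error to stderr and returns 1 otherwise.
# Requires jq and envsubst, as entrypoint.sh does.
expand_field() {
    value=$(printf '%s' "$1" | jq -r --arg f "$2" '.[$f]' | envsubst) || return 1
    if ! is_safe_ref "$value"; then
        printf 'Error: invalid %s value after expansion\n' "$2" >&2
        return 1
    fi
    printf '%s\n' "$value"
}

# Demo with the constructed values from the attack vector above.
# Skipped when jq or envsubst is not installed.
if command -v jq >/dev/null 2>&1 && command -v envsubst >/dev/null 2>&1; then
    MALICIOUS_VAR='alpine; rm -rf /tmp'
    export MALICIOUS_VAR
    cfg='{ "image": "${MALICIOUS_VAR}", "schedule": "* * * * *", "command": "test" }'
    if IMAGE=$(expand_field "$cfg" image); then
        echo "accepted: ${IMAGE}"
    else
        echo "rejected image field"
    fi
fi
```

The check runs on the expanded value, so it holds no matter which environment variable the config references.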
Severity
High