TWSD-1095 - Security Alert: Command injection via cookie data

Review Request #1062 — Created Sept. 17, 2025 and submitted

Information
shuinvy
AG
rel_ag_9_4_5
TWSD-1095
Reviewers
atlas, evalin, jasonchou, milliechou, peteryeh, timlai, timsu 
Add logs for cookie data under /ca/aproxy directory
    

  1. Add new function to get cookie and log cookie data (The log is rotated, max 200 MB)
    2. 

  2. Replace $_COOKIE by my function get_cookie_and_log
    3. 

  3. Add my log (/var/log/aproxy_cookie.log) to sys_log compression file
    4. 

  4. Add some command line to system.log in sys_snap compression file
    5.
peteryeh
peteryeh 
  1. Ship It!
  2. 
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    3. 




  

 
















 





 

  

   




jasonchou




   

   







  

 



 

  


   

   

    
 
jasonchou


    
   


  

  

  



    




  1. 
 
    
  
    
   
    Ship It!
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 















  2. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    3. 




  

 
















 



 

  

   




shuinvy




   

   

  

 



 

  


   

   

    
 Review request changed

    
   


  

  

  






 

  Status:
  

  Closed (submitted)

  
 







 


 










  

 









     

    

   

  

  

   
   Loading...