Fix KERNEL_POD_NAME substitution to avoid SSTI

[lresende]

No description provided.

[Zsailer]

This looks great, @lresende!

I think I found a small security gap that needs addressing before merge.

The current regex pattern [a-zA-Z_][a-zA-Z0-9_]* allows variables starting with underscores, which means {{ __class__ }} would be accepted and could potentially enable Python magic method attacks.

Imagine someone doing this:

  # Malicious KERNEL_POD_NAME that could be accepted by current regex:
  KERNEL_POD_NAME = "{{
  kernel_id.__class__.__mro__[1].__subclasses__()[104].__init__.__globals__['sys'].exit }}"

If __class__ were somehow in the variables dict, this could expose:

• Object introspection capabilities
• Access to the class hierarchy
• Potential stepping stone for more complex attacks

I think the regex should block anything with a leading underscore,

pattern = r'\{\{\s*([a-zA-Z][a-zA-Z0-9_]*)\s*\}\}'  # No leading underscore

I think if we can fix this and add a test case, we should be good to go here.

[lresende]

Thank you @Zsailer , good catch. I have updated it:

1. Updated the regex pattern in enterprise_gateway/services/processproxies/k8s.py:226 to prevent variables starting with underscore:
   - Changed from: r'{{\s*([a-zA-Z_][a-zA-Z0-9_])\s}}'
   - To: r'{{\s*([a-zA-Z][a-zA-Z0-9_])\s}}'
2. Enhanced the test case in enterprise_gateway/tests/test_process_proxy.py to verify that underscore-prefixed variables (like class, dict, globals) are properly blocked and treated as invalid template syntax.