passing input from network to shell?
raisjn opened this issue · 2 comments
raisjn commented
i'm super excited to see this project, nice work!
one thing, though -
Line 72 in 763add0
this looks like it is passing untrusted input (from the internet) straight to the shell - is it doing that? if so, it's dangerous and should escape it before using it as an arg or pass it on stdin to the sub-command. (maybe https://en.cppreference.com/w/cpp/io/manip/quoted would work?)
fsniper commented
Hey @raisjn. Thank you. This is something I missed, and you are right on the money here.
As I wanted to get into something usable fast, this project was a quick and dirty hack. I'll look into this.
fsniper commented
I hope this is better now.