owenthereal/jqplay

Back Website by library rather than command line invocation

mcandre opened this issue · 1 comment

If someone edits the Angular frontend code, they can bypass some validation methods and supply a shell injection string similar to jq '.blah';hostname, in order to run shell commands on the server.

Maybe use a library like github.com/bongole/go-jq instead of shell commands, for safety?
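As an added illustration of the point raised above (example code, not jqplay's own), here is a Go comparison of spawning jq through a shell string versus handing the filter to jq directly as an argv element; the function names are hypothetical and the filter string is the one quoted in the issue:

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"os/exec"
	"time"
)

// shellInvocation is the risky pattern the issue describes: the user's filter
// is spliced into one string that /bin/sh parses before jq ever runs, so shell
// metacharacters in the filter (';', '|', '$(...)', an unbalanced quote) are
// read as shell syntax. Shown only for contrast with argvInvocation below.
func shellInvocation(filter string) *exec.Cmd {
	return exec.Command("sh", "-c", "jq '"+filter+"'")
}

// argvInvocation hands the filter to jq as a single argv element. No shell is
// involved, so the bytes reach jq verbatim and are interpreted only as a jq
// program; ".blah';hostname" is then a jq syntax error, not a command.
// The context bounds how long a runaway filter may occupy the worker.
// Caveat: a filter beginning with '-' would be parsed by jq as an option;
// reject such input or load the program with -f from a file instead.
func argvInvocation(ctx context.Context, filter string, input []byte) *exec.Cmd {
	cmd := exec.CommandContext(ctx, "jq", filter)
	cmd.Stdin = bytes.NewReader(input)
	return cmd
}

// filterReachesJQIntact reports whether the filter survives as exactly one
// argument of the command, which is what keeps a shell from re-parsing it.
func filterReachesJQIntact(cmd *exec.Cmd, filter string) bool {
	for _, a := range cmd.Args[1:] {
		if a == filter {
			return true
		}
	}
	return false
}

// runFilter executes the argv form with a timeout and returns jq's stdout.
func runFilter(filter string, input []byte, timeout time.Duration) ([]byte, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	return argvInvocation(ctx, filter, input).Output()
}

func main() {
	// Constructed input: the injection string quoted in the issue.
	injected := ".blah';hostname"
	fmt.Println("shell form argv: ", shellInvocation(injected).Args)
	fmt.Println("direct form argv:", argvInvocation(context.Background(), injected, nil).Args)
	out, err := runFilter(".a", []byte(`{"a": 1}`), 2*time.Second)
	fmt.Printf("jq .a -> %q err=%v\n", out, err)
}
```

Removing the shell is the fix for the injection itself; input size limits and the timeout address the separate problem of a hostile filter consuming the worker.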

Can you provide an example of this?