A malicious path that contains characters that allow for command execution - such as a backtick or dollar operator - could in theory allow for command execution.
This is not possible currently since we never execute our audio tools on a user-supplied path.
If we use single quotes to wrap paths for our exec code then we can be sure this is never a risk. We currently use double quotes.
We should also test this.
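One way such a test could look, as an added shell example rather than the project's own code: it wraps constructed paths both ways, hands the resulting command string to `sh -c`, and checks whether the tool receives the path unchanged. The helper names are hypothetical, `printf` stands in for the audio tool, and `echo INJECTED` is a harmless marker; the single-quote helper also escapes embedded single quotes, since a quote inside the path would otherwise end the quoting.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, paths are constructed samples.

# Double-quote wrapping, as the issue says the exec code does today.
wrap_double() { printf '"%s"' "$1"; }

# Single-quote wrapping; each embedded ' becomes '\'' so it cannot close the quote.
wrap_single() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Stand-in for the audio tool: build a command string, run it through a shell,
# and print the argument exactly as the tool received it.
tool_sees() { sh -c "printf '%s' $1"; }

# Succeeds only if the tool receives the path byte-for-byte.
# $1 = wrapper function name, $2 = path
is_inert() { [ "$(tool_sees "$($1 "$2")")" = "$2" ]; }

# Constructed test paths (single-quoted here so this script stores them literally).
P_DOLLAR='$(echo INJECTED).mp3'
P_TICK='`echo INJECTED`.mp3'
P_QUOTE="it's a song.mp3"

for p in "$P_DOLLAR" "$P_TICK" "$P_QUOTE"; do
  for w in wrap_double wrap_single; do
    if is_inert "$w" "$p"; then r=inert; else r=EXPANDED; fi
    printf '%-12s %-26s %s\n' "$w" "$p" "$r"
  done
done
```
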