SuperShinyEyes / automation-scripts

Scripts for Automation
GNU General Public License v3.0

No check for sanity #8

Open igoyak opened 6 years ago

igoyak commented 6 years ago

https://github.com/YoungxHelsinki/automated-scripts/blob/3b8fd3813c73b96826b5693343e496797a13f9ee/Aalto_computer_status_checker/paniikki_jupyter_launcher.py#L230

This is very dangerous, because you feed this string into a shell command later. It could execute any code that is returned. Best practice when constructing these (quite dangerous) commands to execute is to assume that everything is malicious. Don't trust anything you get from code that you haven't written yourself. In this case, it means make sure that it is a string that only contains numbers, and that it is within some boundary (1024 < x < 64000 or something).

igoyak commented 6 years ago

For example:

```python
assert a.isdigit()
assert int(a) > 1024
assert int(a) < 64000
```

SuperShinyEyes commented 6 years ago

Agree.
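
The check discussed in this thread, written out as an added example (not code from the repository or from either commenter): the port string is validated with explicit exceptions and then placed in an argument list so no shell parses it. The `ssh` forwarding command, `HOST`, and the function names are assumptions made for illustration; the bounds are the ones proposed in the issue.

```python
import re

# Bounds proposed in the issue comment: 1024 < port < 64000.
PORT_MIN, PORT_MAX = 1024, 64000
# ASCII digits only: str.isdigit() also accepts characters such as "²",
# which int() then rejects with an unrelated error.
_PORT_RE = re.compile(r"[0-9]{1,5}")
HOST = "example.invalid"  # hypothetical host, not taken from the project


def parse_port(raw):
    """Return raw as an int port, or raise ValueError.

    Raises explicitly rather than using assert, because assert statements
    are skipped when Python runs with -O.
    """
    if not isinstance(raw, str) or not _PORT_RE.fullmatch(raw):
        raise ValueError("port is not a plain decimal number: %r" % (raw,))
    port = int(raw)
    if not PORT_MIN < port < PORT_MAX:
        raise ValueError("port out of range: %d" % port)
    return port


def build_tunnel_argv(raw_port):
    """Build the argument list for a hypothetical ssh port forward.

    Hand the list to subprocess.run() without shell=True so that no
    shell ever interprets the value.
    """
    port = parse_port(raw_port)
    return ["ssh", "-N", "-L", "%d:localhost:%d" % (port, port), HOST]


# Constructed sample values standing in for text returned by a remote command.
SAMPLES = ["8888", "8888\n", "8888; id", "80", "99999", "²²²²", ""]


def check_samples(samples=SAMPLES):
    """Map each sample to its parsed port, or None if it was rejected."""
    results = {}
    for sample in samples:
        try:
            results[sample] = parse_port(sample)
        except ValueError:
            results[sample] = None
    return results


if __name__ == "__main__":
    for sample, port in check_samples().items():
        print("%-12r -> %s" % (sample, port if port else "rejected"))
    print(build_tunnel_argv("8888"))
```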