agamm / comeback

Project restoration in one command, auto open everything!
MIT License

[CODE] Make sure we don't easily allow code injection via .comeback files #39

Open agamm opened 5 years ago

agamm commented 5 years ago

What is the problem?
So anywhere where we are sending shell=True, there is the possibility for code injection via parameters in .comeback files. comeback doesn't 100% guarantee that there is no code injection but I think we should take some actions to try to fix it.

What are you proposing?
Anywhere where shell=True, prompt the user and ask them if they want to run the arguments supplied. This might also be relevant for https://github.com/agamm/comeback/issues/31. Another feature could be adding a flag to ignore the prompts to make it more convenient for people who don't mind the warning.
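As an added illustration (not comeback's own code), the following contrasts the shell=True pattern the issue describes with a hardened runner that tokenises the arguments with shlex, passes them as a list with no shell, and prompts the user before executing, with a flag to skip the prompt. The dict-shaped .comeback entry, the `skip_prompt` flag and the function names are assumptions made for this example.

```python
import shlex
import subprocess
from typing import Callable, List, Optional

# Constructed sample in a hypothetical .comeback-style shape; the trailing
# "; echo INJECTED" stands in for anything an untrusted file could smuggle in.
SAMPLE_ENTRY = {"app": "echo", "args": "hello; echo INJECTED"}


def run_entry_unsafe(entry: dict) -> subprocess.CompletedProcess:
    """The pattern the issue warns about: one string handed to a shell."""
    # shell=True: the shell parses ';' and runs the second command as well.
    return subprocess.run(f"{entry['app']} {entry['args']}", shell=True,
                          capture_output=True, text=True, check=False)


def build_argv(app: str, args: str) -> List[str]:
    """Tokenise like a shell would, but never hand the string to a shell."""
    # shlex.split only splits; ';' and other metacharacters stay literal text.
    return [app] + shlex.split(args)


def confirm(argv: List[str], ask: Callable[[str], str] = input) -> bool:
    """Show the exact argv that will be executed and require an explicit yes."""
    shown = " ".join(shlex.quote(a) for a in argv)
    return ask(f"comeback: run {shown!r}? [y/N] ").strip().lower() in ("y", "yes")


def run_entry(entry: dict, ask: Callable[[str], str] = input,
              skip_prompt: bool = False) -> Optional[subprocess.CompletedProcess]:
    """Hardened runner: list argv, no shell, and a prompt unless skipped."""
    argv = build_argv(entry["app"], entry["args"])
    if not skip_prompt and not confirm(argv, ask):
        return None  # user declined; nothing was executed
    # shell=False (the default): argv goes straight to the program via exec.
    return subprocess.run(argv, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    print("shell=True ->", repr(run_entry_unsafe(SAMPLE_ENTRY).stdout))
    print("argv list  ->", repr(run_entry(SAMPLE_ENTRY, skip_prompt=True).stdout))
```

With the list form the whole string after `echo` is printed verbatim, whereas the shell form runs two commands; the prompt additionally lets the user see the argv before anything runs.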

yammesicka commented 5 years ago

I think this one deserves to be labeled "lit af"