buzzcola / squeakernet

Squeakernet FLP: The Ultimate Feline Lifestyle Platform

Command line injection in speech API #21

Open buzzcola opened 5 years ago

buzzcola commented 5 years ago

https://github.com/buzzcola/squeakernet/blob/7a56daf21971bad918a8a11e6b92497a8336de89/squeakernet/speech.py#L12

Since the web interface allows the input of an arbitrary phrase for speaking, and speech.py doesn't do any sanitizing... you could probably destroy the universe with a well-crafted "phrase", or at least pour out all the kibbles onto the floor. Or you know, take over my cat feeder and move laterally into my home network (just kidding, SqueakerNet is in a DMZ obviously.)

Since the speech endpoint only accepts local network requests, this is mitigated. But let's fix it eh.
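The pattern behind this class of bug and the fix for it, as an added example that is not the squeakernet project's own code: a text-to-speech wrapper that splices the user phrase into a shell string lets shell metacharacters in the phrase become commands, while passing the phrase as one element of an argv list (no shell) makes it plain data. The speech program name (`espeak`), the function names and the length limit are assumptions; `echo` stands in for the speech binary so the demonstration runs offline.

```python
"""Command injection in a speech wrapper: vulnerable shell-string form next to
the argv-list fix. Added example, not code from the squeakernet repository.
TTS_BINARY, the function names and MAX_PHRASE_LEN are assumptions."""
import shlex
import subprocess
from typing import List

TTS_BINARY = "espeak"   # assumed name of the speech program; not from the page
MAX_PHRASE_LEN = 200    # constructed limit, used as defence in depth


def build_unsafe_command(phrase: str) -> str:
    """The vulnerable pattern: the phrase is interpolated into a shell string.
    Handing this to os.system() or subprocess with shell=True lets the shell
    interpret `;`, `|`, `$()` and quotes inside the phrase. Returned as a
    string here for comparison and deliberately never executed."""
    return f'{TTS_BINARY} "{phrase}"'


def build_safe_argv(phrase: str) -> List[str]:
    """The fix: the phrase is a single argv element. No shell parses it, so the
    speech program receives the characters verbatim as one argument."""
    return [TTS_BINARY, phrase]


def validate_phrase(phrase: str) -> str:
    """Defence in depth before any subprocess call: reject empty, oversized
    or control-character input. Returns the phrase unchanged when acceptable."""
    if not phrase or len(phrase) > MAX_PHRASE_LEN:
        raise ValueError("phrase length out of range")
    if any(not ch.isprintable() for ch in phrase):
        raise ValueError("phrase contains control characters")
    return phrase


def speak(phrase: str, binary: str = TTS_BINARY) -> str:
    """Safe invocation: argv list with shell=False (the default). Returns the
    program's stdout so the behaviour can be checked with `echo` standing in
    for the speech binary."""
    phrase = validate_phrase(phrase)
    result = subprocess.run(
        [binary, phrase], capture_output=True, text=True, check=True
    )
    return result.stdout


def shell_quoted_command(phrase: str) -> str:
    """If a shell is genuinely required (a pipeline, say), shlex.quote() turns
    the phrase into one literal shell word. Second choice to an argv list."""
    return f"{TTS_BINARY} {shlex.quote(phrase)}"


if __name__ == "__main__":
    tricky = "meow; echo injected"   # constructed phrase containing a shell metacharacter
    print("unsafe shell string:", build_unsafe_command(tricky))
    print("safe argv:", build_safe_argv(tricky))
    print("echo as stand-in TTS received:", repr(speak(tricky, binary="echo")))
```

With `echo` in place of the speech program, the argv-list call prints the whole phrase, semicolon included, as one line: the shell never saw it. The same phrase inside the unsafe shell string would be split at the `;` by whatever shell ran it.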