lukasmartinelli / nigit

Web server that wraps around programs and shell scripts and exposes them as API
MIT License

Security issues #3

Open javier-lopez opened 7 years ago

javier-lopez commented 7 years ago

I'm not sure I understand what the security implications of using nigit on the Internet are. I could see a problem if the input variables are executed; however, what security issues could be exploited from the following?

#!/bin/bash
wkhtmltopdf "$URL" page.pdf > /dev/null 2>&1
cat page.pdf

nigit html2pdf.sh

lukasmartinelli commented 7 years ago

> I'm not sure I understand what the security implications of using nigit on the Internet are. I could see a problem if the input variables are executed; however, what security issues could be exploited from the following?

I do agree it is a security nightmare. To quote myself.

> Be very careful where you use this, it is not intended for production usage in any means due to the security risks.

I use it, however, in the intranet, where I have Docker containers that just expose locally.
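
Added example, not part of the original thread and not nigit's own code: a stricter variant of the html2pdf.sh script from the question, which hands "$URL" to wkhtmltopdf unchecked and writes every request to the same page.pdf. The function names and the host policy are assumptions made for illustration; the wkhtmltopdf flags are existing options of that tool.

```shell
#!/bin/sh
# Added example: stricter variant of html2pdf.sh (not nigit's or the poster's code).

# url_allowed URL: exit 0 if URL may be passed to wkhtmltopdf, 1 otherwise.
# The policy (http/https only, no obviously internal hosts) is an assumption.
url_allowed() {
    case "$1" in
        http://*|https://*) ;;          # rejects file:// and values parsed as options
        *) return 1 ;;
    esac
    case "$1" in
        *[![:graph:]]*) return 1 ;;     # whitespace, control characters
    esac
    _authority=${1#*://}
    _authority=${_authority%%[/?#]*}    # keep host[:port] only
    case "$_authority" in
        ""|*@*|\[*) return 1 ;;         # empty host, userinfo, IPv6 literal
    esac
    _host=$(printf '%s' "${_authority%%:*}" | tr 'A-Z' 'a-z')
    # String check only: names that resolve to internal addresses still need
    # egress filtering on the container.
    case "$_host" in
        localhost|*.localhost|0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
    return 0
}

# render_pdf URL: write the PDF to stdout, using a private temp dir per request
# instead of a shared page.pdf.
render_pdf() {
    url_allowed "$1" || { echo "rejected URL" >&2; return 1; }
    _dir=$(mktemp -d) || return 1
    trap 'rm -rf "$_dir"' EXIT
    timeout 30 wkhtmltopdf --quiet --disable-local-file-access \
        --disable-javascript "$1" "$_dir/page.pdf" >/dev/null 2>&1 || return 1
    cat "$_dir/page.pdf"
}

# nigit supplies the request parameter as $URL (as in the script above).
if [ -n "${URL:-}" ]; then
    render_pdf "$URL"
fi
```

The URL check is a first filter only; running the container with no route to internal networks is what bounds what the renderer can reach.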