nearform / sql

SQL injection protection module

OS Command injections #204

Closed Avivbens closed 3 days ago

Avivbens commented 1 week ago

Hi 👋

Really liked this tool! Super convenient.

Any chance you're also supporting OS Command protection? Could be just the same logic, if I think about that...

simoneb commented 1 week ago

Can you provide an example of something like that?

Avivbens commented 1 week ago

> Can you provide an example of something like that?

Sure!

Assume I'd like to execute that:

```js
const { exec } = require('child_process')
const { promisify } = require('util')
const execPromise = promisify(exec)
// I'd like to apply some protection to these dynamic values, as the user can affect them
const command = `mdfind ${kind} -name "${name}" ${onlyInStr ?? ''}`
const { stdout } = await execPromise(command, { maxBuffer: 10_000_000 })
```

You can see a reference in here