Skip to content

Checking scripts for potential injections #173

Description

@oleua

Hi. The files scripts app is quite powerful and potentially may bring harm unintentionally due to bad programming.
My assumption is when a script runs some shell command connected with file/folder/device operations, and the value field is open text, that means that a user may submit the value in the manner that it will become a parameter for that command.

Eg command='rm %s', and %s is a value submitted by user. A user may submit `-f /home/alice/*' instead of a name of the file, or

command='cp %a %b' to copy data from one folder to another. A user may potentially submit ; rm -rf /home/alice to the text value field as the second option.

Is that possible to provide a special function which may check scripts for potential vulnerability for the systems if that scripts are run?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions