Make user aware of the risk of using qqx

Open hythm7 opened this issue 4 years ago • 5 comments

The problem

It is not clear from the qqx examples that it can be used to execute arbitrary code if the user did not take the necessary precautions to prevent such an issue.

Solution provided

Add an example in the traps page to show how the content of a variable used by qqx can be used to execute malicious code; also warned the user about it in the quoting page, so that the user is aware of such cases before deciding to use qqx.

Note: please let me know about any grammar/punctuation corrections.

hythm7 avatar Nov 16 '20 11:11 hythm7
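
The risk described in the issue above, shown as an added example that is not part of the original thread or of the Raku documentation: the same value passed through `qqx` and through `run` with an argument list. It assumes a POSIX shell with `echo` available; the value of `$name` and the helper `looks-like-filename` are constructed for illustration.

```raku
# Constructed input: a value a user could supply where a file name is expected.
my $name = 'notes.txt; echo INJECTED';

# Risky: qqx interpolates $name into the command string before the shell
# parses it, so the `;` ends the first command and starts a second one.
my $risky = qqx{echo $name};

# Safer: run() hands each argument straight to the program without a shell,
# so the whole value stays one argument and `;` is just a character.
my $safe = run('echo', $name, :out).out.slurp(:close);

# Optional allow-list (hypothetical helper) for values that must be file names:
# only word characters, dots and hyphens are accepted.
sub looks-like-filename(Str $s --> Bool) {
    so $s ~~ /^ <[\w . \-]>+ $/
}

say "qqx output: ", $risky.raku;
say "run output: ", $safe.raku;
say "accepted as file name: ", looks-like-filename($name);
```

The `qqx` output spans two lines because the shell ran two commands, while the `run` output is the input value unchanged on one line.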

Please mention at least the problem-solving issue it comes from.

JJ avatar Nov 16 '20 12:11 JJ

This is also related to the former "taint" mode in Perl. There's a reference for that in the documentation, which directs you to this Reddit thread: https://www.reddit.com/r/perl6/comments/718z4o/taint_mode_for_perl_6/

JJ avatar Nov 16 '20 12:11 JJ

Thank you for running the tests - if no new tests fail, it's not your fault, no worries.

coke avatar Nov 16 '20 13:11 coke

On master, that test is passing.

coke avatar Nov 16 '20 13:11 coke

Is this still a draft?

JJ avatar Apr 17 '22 17:04 JJ

Rescued from draft and merged, thanks. I think all JJ's items were addressed but not marked resolved.

coke avatar Nov 14 '22 03:11 coke