files_scripts

Checking scripts for potential injections

Open oleua opened this issue 1 year ago • 0 comments

Hi. The files scripts app is quite powerful and may potentially bring harm unintentionally due to bad programming. My assumption is that when a script runs some shell command connected with file/folder/device operations, and the value field is open text, a user may submit the value in such a manner that it becomes a parameter for that command.

E.g. command='rm %s', where %s is a value submitted by the user. A user may submit `-f /home/alice/*` instead of the name of a file, or

command='cp %a %b' to copy data from one folder to another. A user may potentially submit `; rm -rf /home/alice` to the text value field as the second option.

Is it possible to provide a special function which may check scripts for potential vulnerabilities for the systems if those scripts are run?

oleua, Jun 02 '24 13:06
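An added example, not part of the issue or of the files_scripts code base, of the kind of check asked for above: it flags the two values quoted in the issue, shows how they change the command when pasted into a template, and builds the command so that each value stays a single non-option argument. All function names are hypothetical, and the templates use Python's `%s` in place of the issue's `%a`/`%b`.

```python
import shlex

# Characters a shell treats as operators, expansions or quoting.
SHELL_META = set(";&|<>$`\\\"'*?[](){}~!#\n")

def audit_value(value):
    """Return the reasons a user value is unsafe to format into a shell command string."""
    findings = []
    if value.startswith("-"):
        findings.append("option-injection")      # parsed as a flag by rm, cp, ...
    if any(ch in SHELL_META for ch in value):
        findings.append("shell-metacharacter")   # ';', '|', '$()', globbing, ...
    if "\x00" in value:
        findings.append("nul-byte")
    return findings

def formatted_tokens(template, *values):
    """Words that result when values are pasted into the template as plain text (risky pattern)."""
    return shlex.split(template % values)

def safe_argv(program, *values):
    """argv for subprocess.run(argv), shell=False: one value is one argument, never a flag."""
    for v in values:
        if not v or "\x00" in v:
            raise ValueError("empty or NUL-containing argument")
    return [program, "--", *values]              # '--' ends option parsing

def quoted_command(program, *values):
    """If a shell string is unavoidable: quote every value and still end options with '--'."""
    return " ".join([program, "--", *(shlex.quote(v) for v in values)])

if __name__ == "__main__":
    # Values taken from the issue text; nothing here is executed.
    for tpl, vals in (("rm %s", ("-f /home/alice/*",)),
                      ("cp %s %s", ("a.txt", "; rm -rf /home/alice"))):
        program = tpl.split()[0]
        print("findings :", [audit_value(v) for v in vals])
        print("formatted:", formatted_tokens(tpl, *vals))
        print("safe argv:", safe_argv(program, *vals))
        print("quoted   :", quoted_command(program, *vals))
```

Quoting alone does not stop the first case: `shlex.quote("-f")` returns `-f` unchanged, so the `--` separator (or rejecting values that start with `-`) is still needed.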