JShellBot
JShellBot copied to clipboard
Take steps to prevent file access from Sandbox
Previous issue: https://github.com/Together-Java/JShellBot/issues/15 Seems like it's not enough. I'd suggest running the app with a linux user that only has read/execute access to what it needs to.
Letting it run with reduced rights is still beneficial, but it can not prevent the bot from reading it's own token. Though adding a safeguard that blocks all executed code from reading a file in the bot directory would be possible.
Leaving a note to close and split this into another issue.