Explicit Evaluation of Wildcard Characters on the Sender Side CLI
The Croc command line tool explicitly (re)evaluates wildcard glob characters in filename arguments (croc.go:262). This seems highly unusual to me, since normally the user's shell will expand wildcards, not the programs that the filenames are passed to.
This means that even if special characters are escaped at the shell level, Croc will still attempt to expand them. This only happens if a filename contains at least one * character. For a sender-side user it could be surprising that, if a filename actually contains an * character, it will suddenly be expanded nevertheless. Although a bit far-fetched, it might still pose a social engineering attack vector, by tricking somebody into forwarding a strangely named file and making them unwittingly send more files than intended.
The principle of least surprise is violated here and I would drop this logic, or execute it only in whatever use case this is helpful for.
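The behaviour reported above, reproduced as an added example that is not part of the original issue and is not croc's own code. `expandAlways` models the reported logic as the issue describes it, and `expandLiteralFirst` is a hypothetical mitigation; both names and the sample directory are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// expandAlways models the behaviour described in the issue (an assumption
// based on the report, not croc's source): any argument containing '*'
// is globbed, even if the shell already passed it through literally.
func expandAlways(arg string) []string {
	if strings.Contains(arg, "*") {
		if m, err := filepath.Glob(arg); err == nil && len(m) > 0 {
			return m
		}
	}
	return []string{arg}
}

// expandLiteralFirst is a hypothetical mitigation: if a file with exactly
// this name exists, send only that file and never treat it as a pattern.
func expandLiteralFirst(arg string) []string {
	if _, err := os.Lstat(arg); err == nil {
		return []string{arg}
	}
	return expandAlways(arg)
}

// demo builds a constructed directory holding a file literally named
// "a*.txt" beside two unrelated files, then runs both strategies on it.
func demo() (always, literal []string, err error) {
	dir, err := os.MkdirTemp("", "globdemo")
	if err != nil {
		return nil, nil, err
	}
	defer os.RemoveAll(dir)
	for _, n := range []string{"a*.txt", "abc.txt", "a-private.txt"} {
		if err = os.WriteFile(filepath.Join(dir, n), nil, 0o600); err != nil {
			return nil, nil, err
		}
	}
	arg := filepath.Join(dir, "a*.txt") // what a shell-escaped 'a\*.txt' delivers
	return expandAlways(arg), expandLiteralFirst(arg), nil
}

func main() {
	always, literal, err := demo()
	fmt.Println(len(always), len(literal), err) // 3 1 <nil>
}
```

The literal-first check only covers the case where the exact name exists on disk; a sender-side listing of the resolved files before transfer would cover the remaining cases.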
Thanks - this would be a great PR to have
Stale issue message