
V REPL passes input directly into println, allowing arbitrary script execution

Open kuizeo opened this issue 2 years ago • 2 comments

V version: V 0.2.4 509367b OS: windows, Microsoft Windows 10 Pro Education v19043 64-bit

What did you do? I found that the V REPL passes the input into println (reproduction instructions: typing foo will call println(foo), which will return an error as foo is undefined), so in an attempt to see if code injection was possible, I typed "test") exit(-1).

What did you expect to see? A syntax error: there are mismatched parentheses in the above expression.

What did you see instead? The code was substituted into println("test") exit(-1), which IS valid V. This prints test with a newline and exits the REPL with a code of -1.

Apr 08 '22 21:04 kuizeo

Definitely specific to the (sadly quite broken) REPL.

If you put the same thing in a .v file and try to run it...

foo.v:1:1: error: expression evaluated but not used
    1 | "test") exit(-1)
      | ~~~~~~

Apr 08 '22 21:04 JalonSolov

That's not the only weirdness with the repl, sadly. E.g. try this:

>>> a_variable := "yessir"
>>> a_variable
yessir
>>> printme := "ohno"
>>> printme
error: `printme` evaluated but not used
    6 |
    7 | tprintit := "ohyes"
    8 | printme
      | ~~~~~~~

Probably the whole REPL needs to be rewritten to parse the AST of the text

Mar 25 '24 16:03 jeremyredhead

The "test") exit(-1) is still present.

Jul 05 '24 09:07 spytheman
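
The substitution reported in this issue, next to a check that refuses to wrap input which would escape the call, modelled in Python as an added example (not code from the V project or from any commenter). The names `naive_wrap`, `stays_inside_call` and `safe_wrap` are hypothetical, the plain `println(<input>)` template is an assumption about the REPL's wrap step, and the delimiter scan is a simplified stand-in for the real parsing suggested in the thread.

```python
# Added example: a Python model of the wrap step, not V's REPL source.
# Assumption: the REPL builds its source by pasting the typed line into
# a println(<input>) template.

def naive_wrap(line: str) -> str:
    """Textual substitution: the typed line is pasted in unchecked."""
    return f"println({line})"

def stays_inside_call(line: str) -> bool:
    """True only if the line cannot close the wrapper's parenthesis.

    Simplified scan (assumption, not a V parser): brackets inside
    quoted literals are ignored, backslash escapes one character, and
    comment openers are rejected because they could swallow the
    wrapper's closing parenthesis.
    """
    closers = {")": "(", "]": "[", "}": "{"}
    stack, quote, i = [], None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":          # skip the escaped character
                i += 2
                continue
            if ch == quote:
                quote = None
        elif ch in "\"'`":
            quote = ch
        elif ch == "/" and line[i + 1:i + 2] in ("/", "*"):
            return False            # comment would hide the closing ')'
        elif ch in "([{":
            stack.append(ch)
        elif ch in closers:
            # A closer with nothing open would end println( early.
            if not stack or stack.pop() != closers[ch]:
                return False
        i += 1
    return quote is None and not stack

def safe_wrap(line: str):
    """Return the wrapped source, or None if the line must not be wrapped."""
    return naive_wrap(line) if stays_inside_call(line) else None

if __name__ == "__main__":
    for sample in ['"test") exit(-1', 'a_variable', '"a)b"']:  # constructed inputs
        print(repr(sample), "->", safe_wrap(sample))
```

Under this model, the input `"test") exit(-1` is the one that yields the `println("test") exit(-1)` line quoted in the issue; the check rejects it with or without a trailing parenthesis.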