aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMatt Strapp <matt@mattstrapp.net>2022-02-14 15:50:31 -0600
committerMatt Strapp <matt@mattstrapp.net>2022-02-14 15:50:31 -0600
commit33afdb261eccf1345374e03418aca851ce7da95b (patch)
tree0f19efc8c4441a0f19cce9df6c49e5166083aac9 /src
parentmaybe achieve feature parity (diff)
downloadee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar
ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.gz
ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.bz2
ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.lz
ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.xz
ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.zst
ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.zip
add the TODO
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to '')
-rw-r--r--src/routes/api.ts6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts
index 1e9cd49..c538751 100644
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -87,7 +87,11 @@ api.route('/actuate')
const escaped = quote([ 'python', req.body.path]);
// Run the code
- exec(escaped, (err, stdout, stderr) => {
+ /*
+ TODO: MAKE THIS MORE SECURE
+ Execing random things is probably a bad idea, and snyk is complaining that it isn't escaped properly.
+ */
+ exec(escaped, (err, stdout, stderr) => {
if (err)
return res.status(500).json({ error: 'An unknown error occurred while executing the file.', error_msg: stderr });