diff options
| author | Matt Strapp <matt@mattstrapp.net> | 2022-02-14 15:50:31 -0600 |
|---|---|---|
| committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-14 15:50:31 -0600 |
| commit | 33afdb261eccf1345374e03418aca851ce7da95b (patch) | |
| tree | 0f19efc8c4441a0f19cce9df6c49e5166083aac9 /src | |
| parent | maybe achieve feature parity (diff) | |
| download | ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.gz ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.bz2 ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.lz ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.xz ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.tar.zst ee4511w-web-33afdb261eccf1345374e03418aca851ce7da95b.zip | |
add the TODO
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src')
| -rw-r--r-- | src/routes/api.ts | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts index 1e9cd49..c538751 100644 --- a/src/routes/api.ts +++ b/src/routes/api.ts @@ -87,7 +87,11 @@ api.route('/actuate') const escaped = quote([ 'python', req.body.path]); // Run the code - exec(escaped, (err, stdout, stderr) => { + /* + TODO: MAKE THIS MORE SECURE + Execing random things is probably a bad idea, and snyk is complaining that it isn't escaped properly. + */ + exec(escaped, (err, stdout, stderr) => { if (err) return res.status(500).json({ error: 'An unknown error occurred while executing the file.', error_msg: stderr }); |