-rw-r--r--src/routes/api.ts6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts
index 1e9cd49..c538751 100644
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -87,7 +87,11 @@ api.route('/actuate')
const escaped = quote([ 'python', req.body.path]);
// Run the code
- exec(escaped, (err, stdout, stderr) => {
+ /*
+ TODO: MAKE THIS MORE SECURE
+ Execing random things is probably a bad idea, and snyk is complaining that it isn't escaped properly.
+ */
+ exec(escaped, (err, stdout, stderr) => {
if (err)
return res.status(500).json({ error: 'An unknown error occurred while executing the file.', error_msg: stderr });
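Review bot: Shell quoting is not the real gap here: at `quote([ 'python', req.body.path])` the request body still decides which file the interpreter runs, so the TODO added above `exec` should name that fix rather than "escaped properly". I would resolve the path against a fixed scripts directory, reject anything that falls outside it or is not on an allow-list, and drop the shell with `execFile('python', [scriptPath], (err, stdout, stderr) => {`, where `scriptPath` is the validated path. The 500 response also returns raw `stderr` as `error_msg`, which can expose file paths and tracebacks to the caller; log it server-side and return only the generic message. The route handler and the callback body continue outside this hunk, so whether an earlier check on `req.body.path` already exists cannot be seen from here.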