From 33afdb261eccf1345374e03418aca851ce7da95b Mon Sep 17 00:00:00 2001
From: Matt Strapp
Date: Mon, 14 Feb 2022 15:50:31 -0600
Subject: add the TODO

Signed-off-by: Matt Strapp
---
 src/routes/api.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/routes/api.ts b/src/routes/api.ts
index 1e9cd49..c538751 100644
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -87,7 +87,11 @@ api.route('/actuate')
 const escaped = quote([ 'python', req.body.path]);
 // Run the code
- exec(escaped, (err, stdout, stderr) => {
+ /*
+ TODO: MAKE THIS MORE SECURE
+ Execing random things is probably a bad idea, and snyk is complaining that it isn't escaped properly.
+ */
+ exec(escaped, (err, stdout, stderr) => {
 if (err) return res.status(500).json({ error: 'An unknown error occurred while executing the file.', error_msg: stderr });
--
cgit v1.2.3
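Review bot: The TODO records the problem but leaves it in place: `exec` hands `escaped` to a shell, so safety rests entirely on `quote` (presumably shell-quote) escaping `req.body.path` correctly, which is exactly what Snyk is flagging. The direct fix is to remove the shell from the path: `execFile('python', [req.body.path], (err, stdout, stderr) => {` from `node:child_process` passes the path as a plain argv element that no shell ever parses, and makes the `quote` line unnecessary. Even then the route executes whatever file the client names, so `req.body.path` should be checked to be a string and resolved against a fixed scripts directory, rejecting anything that escapes that directory, before it is run. Returning raw `stderr` in the 500 body also discloses interpreter paths and tracebacks to the caller; log it server-side and keep the response message generic. The enclosing `/actuate` handler starts before and ends after this hunk.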