What is the problem?
So anywhere where we are sending shell=True, there is the possibility for code injection via parameters in .comeback files. comeback doesn't 100% guarantee that there is no code injection but I think we should take some actions to try to fix it.
What are you proposing?
Anywhere where shell=True, prompt the user and ask them if they want to run the arguments supplied.
This might also be relevant for #31
Another feature could be adding a flag to ignore the prompts to make it more convenient for people who don't mind the warning.
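The proposal above, sketched as an added example that is not part of the original issue and is not comeback's own code: a command string read from a config file runs without a shell when it contains no shell syntax, and otherwise is shown to the user and needs confirmation before it runs with `shell=True`. The names `run_from_config`, `needs_shell` and `assume_yes` (standing in for the proposed skip-prompt flag) are hypothetical.

```python
import shlex
import subprocess
import sys

# Characters that make the shell do more than start a single program
# (chaining, redirection, substitution, globbing). Quotes are left out
# because shlex.split() handles them without a shell.
SHELL_META = set(";&|<>$`\n(){}*?[]~!#")


def needs_shell(command):
    """True if the string relies on shell syntax rather than plain arguments."""
    return any(ch in SHELL_META for ch in command)


def run_from_config(command, assume_yes=False, confirm=input):
    """Run a command string taken from a config file (hypothetical helper).

    Returns the exit code, or None if the user declined to run it.
    """
    if not command.strip():
        raise ValueError("empty command")

    if not needs_shell(command):
        # No shell involved: metacharacters inside arguments are never
        # interpreted, so no prompt is needed for this path.
        return subprocess.run(shlex.split(command), shell=False).returncode

    if not assume_yes:
        # Show the exact string (repr exposes newlines and odd characters)
        # and default to "no" on anything other than an explicit yes.
        print(f"About to run through the shell:\n  {command!r}", file=sys.stderr)
        if confirm("Run it? [y/N] ").strip().lower() not in ("y", "yes"):
            return None

    return subprocess.run(command, shell=True).returncode


if __name__ == "__main__":
    # Constructed sample value, as it might appear in a config file.
    print(run_from_config("echo hello; exit 3"))
```

The `confirm` parameter exists so the prompt can be replaced in tests or by a non-interactive front end.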