Sanitize args for seed_tools #1250

Open
atuchin-m opened this issue Nov 5, 2024 · 0 comments
@atuchin-m
Collaborator

A follow-up issue for #1245 (comment).
We'd better sanitize the args we get from the command line in all npm run seed_tools commands.

@kdenhartog:

If I were to suggest a way to sanitize these, it would be to just check the values here before we pass them in further to make sure they're semi-expected. E.g. the revision parameter should be a hash, and for studyDir we could probably check to make sure it's within a reasonable location on the file system and matches a file path (rather than appending on something like && npm run malicious script or something to that effect).
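One way to implement the two checks suggested in the quoted comment, as an added example that is not part of the original issue and not code from seed_tools. The function names, the `allowedRoot` parameter, the SHA-1 hex format for `revision` and the character allowlist for `studyDir` are all assumptions made for illustration.

```javascript
const path = require('node:path');

// Assumption: a revision is a git SHA-1, abbreviated (7+ hex digits) or full (40).
const REVISION_RE = /^[0-9a-f]{7,40}$/i;
// Assumption: study dirs need only these characters; spaces, '&', ';', '$' are rejected.
const PATH_CHARS_RE = /^[A-Za-z0-9._\/\\-]+$/;

// Returns the revision lower-cased, or throws if it is not a plain hex hash.
function validateRevision(value) {
  if (typeof value !== 'string' || !REVISION_RE.test(value)) {
    throw new Error(`revision is not a commit hash: ${JSON.stringify(value)}`);
  }
  return value.toLowerCase();
}

// Resolves studyDir against allowedRoot (hypothetical name for the "reasonable
// location") and throws if the result falls outside it.
function validateStudyDir(value, allowedRoot) {
  if (typeof value !== 'string' || !PATH_CHARS_RE.test(value)) {
    throw new Error(`studyDir has unexpected characters: ${JSON.stringify(value)}`);
  }
  const root = path.resolve(allowedRoot);
  const resolved = path.resolve(root, value);
  const rel = path.relative(root, resolved);
  // A leading '..' segment means the path climbed out of root; an absolute
  // result means a different drive on Windows.
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`studyDir escapes ${root}: ${JSON.stringify(value)}`);
  }
  return resolved;
}

// Runs a validator and reports the outcome instead of throwing.
function check(fn, ...args) {
  try {
    return { ok: true, value: fn(...args) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample inputs, not taken from the project.
console.log([
  check(validateRevision, '3F2A9C1D5B7E4A6F8C0D1E2F3A4B5C6D7E8F9A0B'),
  check(validateRevision, 'main && npm run malicious'),
  check(validateStudyDir, 'studies', '/repo'),
  check(validateStudyDir, '../../etc', '/repo'),
  check(validateStudyDir, 'studies && npm run malicious', '/repo'),
]);
```

The containment check is lexical and does not resolve symlinks; a caller that needs that would compare `fs.realpathSync` results for paths that already exist.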
