denisidoro/navi

Some concerns about security with variables

Open

#533 geöffnet am 21. Apr. 2021

Auf GitHub ansehen
 (7 Kommentare) (1 Reaktion) (0 zugewiesene Personen)Rust (530 Forks)batch import
help wantednew feature

Repository-Metriken

Stars
 (15.874 Stars)
PR-Merge-Metriken
 (Keine gemergten PRs in 30 T)

Beschreibung

Navi is really nice and the ability to use cheatsheet from other people is very nice and allows to learn new tricks. The use of variable with fzf is a real usability gain.

But those two features together raises some security concerns, as it may leads a navi user to run malicious or erroneous shell commands with unwanted side effects.

I'm afraid I've no solution apart disabling variables or setting up a mechanism which would allows only accepted and reviewed code to be executed.

Contributor Guide