denisidoro/navi

Some concerns about security with variables

Open

#533 ouverte le 21 avr. 2021

Voir sur GitHub
 (7 commentaires) (1 réaction) (0 assignés)Rust (530 forks)batch import
help wantednew feature

Métriques du dépôt

Stars
 (15 874 stars)
Métriques de merge PR
 (Aucune PR mergée en 30 j)

Description

Navi is really nice and the ability to use cheatsheet from other people is very nice and allows to learn new tricks. The use of variable with fzf is a real usability gain.

But those two features together raises some security concerns, as it may leads a navi user to run malicious or erroneous shell commands with unwanted side effects.

I'm afraid I've no solution apart disabling variables or setting up a mechanism which would allows only accepted and reviewed code to be executed.

Guide contributeur