denisidoro/navi

Some concerns about security with variables

Open

#533 aperta il 21 apr 2021

Vedi su GitHub
 (7 commenti) (1 reazione) (0 assegnatari)Rust (530 fork)batch import
help wantednew feature

Metriche repository

Star
 (15.874 star)
Metriche merge PR
 (Nessuna PR mergiata in 30 g)

Descrizione

Navi is really nice and the ability to use cheatsheet from other people is very nice and allows to learn new tricks. The use of variable with fzf is a real usability gain.

But those two features together raises some security concerns, as it may leads a navi user to run malicious or erroneous shell commands with unwanted side effects.

I'm afraid I've no solution apart disabling variables or setting up a mechanism which would allows only accepted and reviewed code to be executed.

Guida contributor