denisidoro/navi

Some concerns about security with variables

Open

#533 aberto em 21 de abr. de 2021

Ver no GitHub
 (7 comments) (1 reaction) (0 assignees)Rust (530 forks)batch import
help wantednew feature

Métricas do repositório

Stars
 (15.874 stars)
Métricas de merge de PR
 (Nenhuma PRs mesclada em 30d)

Description

Navi is really nice and the ability to use cheatsheet from other people is very nice and allows to learn new tricks. The use of variable with fzf is a real usability gain.

But those two features together raises some security concerns, as it may leads a navi user to run malicious or erroneous shell commands with unwanted side effects.

I'm afraid I've no solution apart disabling variables or setting up a mechanism which would allows only accepted and reviewed code to be executed.

Guia do colaborador