• BAIRE Anthony's avatar
    prevent potential option injections in job input files · 26aac5ab
    BAIRE Anthony authored
    A malicious user may submit an input file starting with '-'.
    A loosely-implemented webapp entrypoint could misinterpret
    it as a command-line option a let the user inject arbitrary
    options to the commands executed inside the job.
    
    To prevent this the leading '-' in input filenames are silently
    changed into '_'.
    26aac5ab
helpers.py 7.32 KB