Commit 26aac5ab authored by BAIRE Anthony's avatar BAIRE Anthony
Browse files

prevent potential option injections in job input files

A malicious user may submit an input file starting with '-'.
A loosely-implemented webapp entrypoint could misinterpret
it as a command-line option a let the user inject arbitrary
options to the commands executed inside the job.

To prevent this the leading '-' in input filenames are silently
changed into '_'.
parent f22bcdc9
Pipeline #139261 failed with stages
in 1 second