prevent potential option injections in job input files

BAIRE Anthony requested to merge prevent-option-injections into django

A malicious user may submit an input file starting with '-'. A loosely-implemented webapp entrypoint could misinterpret it as a command-line option and let the user inject arbitrary options to the commands executed inside the job.

To prevent this, the leading '-' in input filenames is silently changed into '_'.
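The substitution described above, as an added example that is not code from this merge request: `sanitize_input_filename` applies the leading '-' to '_' rule, and a hypothetical argparse-based entrypoint shows how the same uploaded names are parsed with and without it. The entrypoint, its `--output` option and the file names are constructed for illustration, and replacing only the first character is an assumption about how the rule is applied.

```python
import argparse


def sanitize_input_filename(name: str) -> str:
    """Replace a leading '-' with '_' so the name cannot be parsed as an option.

    Assumption: only the first character is rewritten; once it is '_',
    the name is no longer option-shaped whatever follows.
    """
    if name.startswith("-"):
        return "_" + name[1:]
    return name


def build_entrypoint_parser() -> argparse.ArgumentParser:
    # Hypothetical loosely-implemented entrypoint: it receives the job's
    # input file names directly on its command line, next to its own options.
    parser = argparse.ArgumentParser(prog="entrypoint")
    parser.add_argument("input_files", nargs="+")
    parser.add_argument("--output", default="result.txt")
    return parser


def run_entrypoint(filenames):
    """Return (input_files, output) as the entrypoint sees them."""
    ns = build_entrypoint_parser().parse_args(list(filenames))
    return ns.input_files, ns.output


def run_entrypoint_sanitized(filenames):
    """Same call, with the leading-'-' substitution applied to every name first."""
    return run_entrypoint(sanitize_input_filename(n) for n in filenames)


if __name__ == "__main__":
    # Constructed upload: the second "file name" is shaped like an option.
    uploaded = ["data.csv", "--output=overwritten.txt"]
    print("unsanitized:", run_entrypoint(uploaded))
    print("sanitized:  ", run_entrypoint_sanitized(uploaded))
```

Without the substitution the second name silently overrides `--output` and disappears from the input list; with it, both names arrive as plain positional arguments and the default output is kept.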