mirror of
https://github.com/syncthing/syncthing.git
synced 2026-06-23 16:10:33 -04:00
While preparing the command, attempt to verify that the template expansion happens in a way that will result in a non-shell-injection command. I don't presume to say that this is a 100% prevention, and the script itself can always do dumb shit with the file path later. Nonetheless, we should make a best-effort attempt.

Equally, this could generate false positives for commands that are strangely written but in fact safe. I think this is acceptable; external versioning is currently used by approximately 0.02% of users, and presumably most of them have a setup that is sane.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
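A sketch of the kind of best-effort check the commit message describes, added here as an illustration; it is not the code from this commit or from Syncthing. It assumes the command template has already been split into words, uses the `%FOLDER_PATH%` and `%FILE_PATH%` placeholders from Syncthing's external versioning documentation, and the names `checkArgv`, `expand` and the shell list are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Assumption: a constructed, non-exhaustive list of POSIX-style shells.
var shells = map[string]bool{"sh": true, "bash": true, "dash": true, "zsh": true}

var errInjectable = errors.New("placeholder expands inside shell source text")

func hasPlaceholder(s string) bool {
	return strings.Contains(s, "%FOLDER_PATH%") || strings.Contains(s, "%FILE_PATH%")
}

// checkArgv (hypothetical) rejects a split template in which a placeholder
// sits in the script argument of `sh -c`, where the expanded path would be
// parsed as shell code. It is conservative and can reject safe commands.
func checkArgv(argv []string) error {
	if len(argv) == 0 {
		return errors.New("empty command")
	}
	if !shells[filepath.Base(argv[0])] {
		return nil // executed directly: each argument stays one argv element
	}
	for i, arg := range argv[1:] {
		isFlag := strings.HasPrefix(arg, "-") && !strings.HasPrefix(arg, "--")
		if !isFlag || !strings.Contains(arg, "c") {
			continue
		}
		script := i + 2 // argv index of the word following the -c flag
		if script < len(argv) && hasPlaceholder(argv[script]) {
			return errInjectable
		}
		return nil
	}
	return nil
}

// expand substitutes per word, after splitting, so a path containing
// spaces or shell metacharacters never changes the number of arguments.
func expand(argv []string, folder, file string) []string {
	r := strings.NewReplacer("%FOLDER_PATH%", folder, "%FILE_PATH%", file)
	out := make([]string, len(argv))
	for i, a := range argv {
		out[i] = r.Replace(a)
	}
	return out
}

func main() {
	fmt.Println(checkArgv([]string{"sh", "-c", "mv %FILE_PATH% /backup/"}))
}
```

As the commit message notes for its own check, this does not cover what the invoked script later does with the path.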