os: do not allow ; and && in system/exec

pull/2633/head
Alexander Medvednikov 2019-11-03 23:13:56 +03:00
parent 104fab7466
commit 3449a8bc4d
1 changed files with 7 additions and 0 deletions

View File

@ -355,6 +355,9 @@ pub:
// exec starts the specified command, waits for it to complete, and returns its output. // exec starts the specified command, waits for it to complete, and returns its output.
pub fn exec(cmd string) ?Result { pub fn exec(cmd string) ?Result {
if cmd.contains(';') || cmd.contains('&&') {
return error('; and && are not allowed in shell commands')
}
pcmd := '$cmd 2>&1' pcmd := '$cmd 2>&1'
f := vpopen(pcmd) f := vpopen(pcmd)
if isnil(f) { if isnil(f) {
@ -378,6 +381,10 @@ pub fn exec(cmd string) ?Result {
// `system` works like `exec()`, but only returns a return code. // `system` works like `exec()`, but only returns a return code.
pub fn system(cmd string) int { pub fn system(cmd string) int {
if cmd.contains(';') || cmd.contains('&&') {
// TODO remove panic
panic('; and && are not allowed in shell commands')
}
mut ret := int(0) mut ret := int(0)
$if windows { $if windows {
ret = C._wsystem(cmd.to_wide()) ret = C._wsystem(cmd.to_wide())