ric/dockge
1
0
Fork 0
mirror of https://github.com/louislam/dockge.git synced 2025-02-26 13:35:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 673fb8f8dd into a65a9f5549

Browse source
This commit is contained in:
zx 2025-01-01 01:45:29 +01:00 committed by GitHub
commit f63718b1d4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
backend/terminal.ts
View file

@ -294,11 +294,14 @@ export class MainTerminal extends InteractiveTerminal {
// Check if the command is allowed
const cmdParts = input.split(" ");
const executable = cmdParts[0].trim();
const knownOperators = ["||", "&", ";"];
log.debug("console", "Executable: " + executable);
log.debug("console", "Executable length: " + executable.length);
if (!allowedCommandList.includes(executable)) {
throw new Error("Command not allowed.");
} else if (knownOperators.some(operator => input.includes(operator))) {
throw new Error("Control operators are not allowed.");
}
super.write(input);
}