You might have seen .sh files in many popular GitHub repositories. Some of you might even have used a shell file to install node's latest version in ...
I think it's important to add a disclaimer: please never use cp api like this. This is extremely unsafe. String literal w/o arg boxing, symbol escaping, etc, provides any RCE. See how bash-in-js concept is implemented in similar projects.
Thanks @antongolub, I didn't know. The libraries you mentioned seem cool. I will check them out. I didn't understand well why using child process like this is unsafe. Any article on that?
Ok, here's an RCE example)
Key tip: you need to understand the boundaries of the arguments and escape the characters that can violate them.
Thanks, now I get it. Passing user input in such commands can be dangerous. Similar to the way SQL injection attacks happen by ill-formatted arguments.
I would surely put some disclaimer on that.
Nice article😍
Thanks Sumana 😄
Great tutorial.
A good read, followed you looking forward to more such articles 💕
Thanks Aniket, means a lot
Do connect with me on LinkedIn