Diffstat (limited to 'lite.py')
-rwxr-xr-x | lite.py | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -45,6 +45,13 @@ def ifte(ifs, then, elses):
 else:
 return elses
+# Sanitize a command (strip some flow control chars)
+# While it covers all control operators and most metacharacters,
+# it doesn't covers well the reserved words.
+# ...Of course, it relies on this client not being compromised.
+def san(cmd):
+ return cmd.replace(";", "").replace("|", "").replace(">", "").replace("<", "").replace("&", "").replace("(", "").replace(")", "").replace("\n", "").replace("[[", "").replace("]]", "")
+
 # Returns number of seconds since UNIX EPOCH
 def now():
 return int(time.time())
@@ -162,7 +169,7 @@ def launch_game(idx):
 OPT="-s %s -y evol2 -p %s -S" % (HOST, PORT)
 ## Execute the app
- app=execute("%s %s%s" % (CMD, OPT, PWD), shell=True)
+ app=execute(san("%s %s%s" % (CMD, OPT, PWD)), shell=True) # nosec
 return app |
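Review bot: `san()` deletes characters instead of quoting them, so its output is neither shell-safe nor faithful to the input. The denylist on the `return cmd.replace(...)` line leaves quote characters, backquotes and `$` expansion untouched, which the comment's "covers all control operators and most metacharacters" does not convey. Because the whole command string goes through it, a `PWD` value containing `&` or `;` would be silently altered before launch. Quoting each untrusted value where it is interpolated, e.g. `shlex.quote(HOST)` (needs `import shlex`, Python 3.3+), keeps the value intact and neutralises shell syntax. At minimum the comment should read `# Denylist only: quotes, backquotes and $ expansion pass through; the result is NOT shell-safe.`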
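Review bot: The `# nosec` on the new `app=execute(...)` line silences the scanner while the call still hands a formatted string to a shell via `shell=True`, so the character filter is the only barrier left. Where `HOST`, `PORT` and `PWD` come from is not visible here (`launch_game` starts and ends outside the hunk), but if any of them is server- or user-supplied, an argument list without a shell is the sturdier fix. Assuming `execute` is `subprocess.Popen` or a thin wrapper over it (not shown), that would be `args=[CMD, "-s", HOST, "-y", "evol2", "-p", str(PORT), "-S"]` with whatever `PWD` holds appended as separate items, then `app=execute(args)`. With that change neither `san()` nor the `# nosec` is needed. If the suppression stays, it should carry a justification comment.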