Hacker News
by nas 1572 days ago
It's an interesting idea but a lot of care is needed to avoid parsing bugs, i.e. so that the code you are feeding to the shell via "eval" doesn't get parsed in some way you don't expect. Also, when parsing the script source code, you need to be careful and clear about the parse rules. In that case, it's not as dangerous since the script source code is presumably not provided by an attacker (otherwise they could just directly run the commands they want).