|
|
|
|
|
|
by capevace
144 days ago
|
|
|
Thanks for reading! Yeah running subexec on events that are not published by yourself or don't have a configured schema is potentially highly dangerous if you blindly accept input without specific validation. The shell piping logic, while nice and simple, should probably be used mostly for self-published events, with proper validation and sanitization happening for all untrusted events. |
|
|