diff options
| author | toastal | 2026-04-15 01:43:05 +0000 |
|---|---|---|
| committer | ยท๐๐ด๐๐๐ฉ๐ค | 2026-04-15 01:43:05 +0000 |
| commit | 9b65a20925349dbdc5919041d81cbd12ad8facf1 (patch) | |
| tree | 81d98cf0191e890b2af523d69a2d2849b71157de /lib/editor.ml | |
| parent | 2de700733370b22797ff71667f68c119951c3194 (diff) | |
| download | nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.gz nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.bz2 nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.lz nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.xz nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.zst nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.zip | |
Phase 1: Fix security vulnerabilities and error handling
- Fix command injection in editor.ml using Filename.quote
- Change KDL.of_flow to return Result instead of failwith
- Update manifest.ml to handle new Result type
Security: Prevents shell injection when opening files with
malicious filenames containing shell metacharacters.
Error handling: KDL parsing errors now return Result type
instead of crashing with failwith.
Diffstat (limited to 'lib/editor.ml')
| -rw-r--r-- | lib/editor.ml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/editor.ml b/lib/editor.ml index 49706b4..a68c6b0 100644 --- a/lib/editor.ml +++ b/lib/editor.ml @@ -13,6 +13,6 @@ let find () = let run_on file = match find () with | ed when String.contains ed ' ' -> - Unix.execvp "/bin/sh" [|"/bin/sh"; "-c"; ed ^ " " ^ file|] + Unix.execvp "/bin/sh" [|"/bin/sh"; "-c"; ed ^ " " ^ Filename.quote file|] | ed -> Unix.execvp ed [|ed; file|] |