Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: Sanitize INI files #44

Open
theypsilon opened this issue Jun 11, 2020 · 1 comment
Open

Request: Sanitize INI files #44

theypsilon opened this issue Jun 11, 2020 · 1 comment

Comments

@theypsilon
Copy link
Member

There is a security concern with current INI files importing, because thay can run arbitrary code. If some inexperienced user ends up with an INI file from a hacker, it could lead to compromise the whole system.

There are ways to sanitize INI files. My preferred solution would be to use a proper config parser like the one provided by python. Here is an example of how that would work: https://gist.github.com/theypsilon/128b02a14c741149c204a3f937ad9057

There will be the problem that variable resolution wouldn't be possible in that context. Maybe a solution for that could be doing a replace first for the sake of backwards compatibility. But I would deprecate the use of variables in INI files as is not standard and not very useful either.
@theypsilon
Copy link
Member Author

Maybe this answer could be even better: https://stackoverflow.com/a/28794976/1207998

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@theypsilon