stacksmashing on Nostr: This is code that just feels off/risky to me. self.command seems user controlled ...
This is code that just feels off/risky to me.
self.command seems user controlled (HTTP method), so we can call any function on self which starts with .do_
Even if not exploitable right now it feels like code that might become an "Oops" in the future.
What do you think?

https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/022/631/620/736/911/original/3f2e1f1b7c72efa3.png

Published at 2024-08-25 12:21:37
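An added illustration, not the poster's code or the code in the screenshot: it assumes the screenshot shows the familiar `getattr(self, "do_" + self.command)` dispatch, and contrasts it with a fixed route table so that adding a new `do_*` helper later no longer widens what a client can reach.

```python
# Added example: name-based dispatch on the request method versus an
# explicit allow-list. The handler classes and the do_MAINTENANCE helper
# are constructed for this illustration.
from typing import Dict, Tuple

Response = Tuple[int, str]


class RiskyHandler:
    """Dispatches on self.command (the client-supplied HTTP method) by name."""

    def __init__(self, command: str) -> None:
        self.command = command  # taken from the request line, so untrusted

    def do_GET(self) -> Response:
        return 200, "hello"

    def do_MAINTENANCE(self) -> Response:
        # Helper added later for an internal tool. Because of the do_ prefix
        # it is reachable from the wire by sending the method "MAINTENANCE".
        return 200, "cache flushed"

    def handle(self) -> Response:
        mname = "do_" + self.command
        if not hasattr(self, mname):
            return 501, "Unsupported method"
        return getattr(self, mname)()


class SafeHandler(RiskyHandler):
    """Same handlers, but the public surface is a fixed table."""

    # Only methods listed here are reachable; new do_* attributes are not.
    ROUTES: Dict[str, str] = {"GET": "do_GET", "HEAD": "do_GET"}

    def handle(self) -> Response:
        target = self.ROUTES.get(self.command)
        if target is None:
            return 501, "Unsupported method"
        return getattr(self, target)()


if __name__ == "__main__":
    for cmd in ("GET", "MAINTENANCE", "PUT"):
        print(cmd, RiskyHandler(cmd).handle(), SafeHandler(cmd).handle())
```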