Added shlex

Preventing shell injection attacks.
Whispering Wind
2024-08-30 21:33:13 +03:30
committed by GitHub
parent 872c58a9eb
commit fe9f63043a


@ -4,6 +4,7 @@ import qrcode
import io import io
import json import json
import os import os
import shlex
import re import re
from dotenv import load_dotenv from dotenv import load_dotenv
from telebot import types from telebot import types
@ -17,7 +18,8 @@ bot = telebot.TeleBot(API_TOKEN)
def run_cli_command(command): def run_cli_command(command):
try: try:
result = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT) args = shlex.split(command)
result = subprocess.check_output(args, stderr=subprocess.STDOUT)
return result.decode('utf-8').strip() return result.decode('utf-8').strip()
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
return f'Error: {e.output.decode("utf-8")}' return f'Error: {e.output.decode("utf-8")}'
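Review bot: `shlex.split(command)` in `run_cli_command` raises `ValueError` on unbalanced quotes, and the only handler is `except subprocess.CalledProcessError`, so a malformed string now raises out of the helper instead of returning an `Error:` string. Adding `except ValueError as e: return f'Error: {e}'` keeps the existing contract. Dropping `shell=True` stops shell metacharacters from being interpreted, but if callers (not visible in this section) build `command` by interpolating user-supplied values, whitespace or a leading `-` in such a value still turns into extra arguments or options for the CLI. Having callers pass an argument list, or validating each value and wrapping it in `shlex.quote` before it is joined into the string, would close that gap. Any caller that relied on pipes, redirects or globbing inside `command` will now have those passed as literal arguments, so the call sites are worth checking.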