-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raw file removal code commented in recent commit #118
Comments
By the way, the same commit adds a shell command injection with this line if you control
|
hello |
Hi saleh, subprocess.Popen(["7z", "x", zip_path, "-o", dst_path, "-y"], stdout=subprocess.PIPE) |
alot of security concerns not taken into consideration, the assumption is that kuiper is running in closed environment, if somebody want to run malicious code it is possible to upload it as new parser :) |
In commit ebbc5b7 the functionality for removing raw files from disk after extraction was commented.
Was this done on purpose? It looks like it may have been a test and you forgot to put it back before committing.
The text was updated successfully, but these errors were encountered: