denying assignment in Duga commands

Zomis · Jun 23, 2015 · cdcc21e · cdcc21e
1 parent ae44a81
commit cdcc21e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/groovy/net/zomis/duga/tasks/ListenTask.groovy b/src/main/groovy/net/zomis/duga/tasks/ListenTask.groovy
@@ -53,7 +53,7 @@ class ListenTask implements Runnable {
             // the list of tokens the user can find
             // constants are defined in org.codehaus.groovy.syntax.Types
             tokensWhitelist = [
-                    ASSIGN,
+                    // ASSIGN,// Assignments is a security risk, as it allows `def abc = System; abc.exit(1);`
                     PLUS, MINUS, MULTIPLY, DIVIDE, MOD,
                     POWER, PLUS_PLUS, MINUS_MINUS, COMPARE_EQUAL,
                     COMPARE_NOT_EQUAL, COMPARE_LESS_THAN, COMPARE_LESS_THAN_EQUAL,