Started on the README.

1 parent c2b62f3 commit 67c40ce9f286ce2e6f0d2a6ff11d4b52f9ad9ca0 @notahat notahat committed Nov 8, 2010
Showing with 16 additions and 4 deletions.
  1. +1 −1 LICENSE
  2. +15 −3 README.rdoc
2 LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 Pete Yandell
+Copyright (c) 2010 Envato, Ian Leitch, & Pete Yandell.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
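Review bot: the replaced copyright line drops the 2009 year that the previous notice carried; since the code was first published under that notice, consider `Copyright (c) 2009-2010 Envato, Ian Leitch, & Pete Yandell.` so the earlier year is preserved, and keep the README copyright line in step with it whenever either is changed.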
18 README.rdoc
@@ -1,6 +1,18 @@
-= safe_shell
+= Safe Shell
-Description goes here.
+Safe Shell lets you execute shell commands and get the resulting output, but without the security problems of Ruby's backtick operator.
+
+If you use backticks to process a file supplied by a user, a carefully crafted filename could allow execution of an arbitrary command:
+
+ file = ";blah"
+ `echo #{file}`
+ sh: blah: command not found
+ => "\n"
+
+Safe Shell solves this.
+
+ SafeShell.execute("echo", file)
+ => ";blah\n"
== Note on Patches/Pull Requests
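Review bot: the new text says `Safe Shell solves this.` but never states how, so a reader cannot tell what is and is not protected; add a sentence after that line saying that `SafeShell.execute` runs the program with its arguments passed directly rather than through a shell, so `;`, `|`, backticks, `$()` and glob characters in an argument reach the command literally. It is also worth pointing out under the backtick example that the result is `"\n"` with only `sh: blah: command not found` on stderr because no `blah` command exists; a filename naming an existing command would have run it, which is the actual risk the README is warning about.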
@@ -14,4 +26,4 @@ Description goes here.
== Copyright
-Copyright (c) 2010 Pete Yandell. See LICENSE for details.
+Copyright (c) 2010 Envato, Ian Leitch, & Pete Yandell. See LICENSE for details.
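Review bot: this line now matches the names and year in the LICENSE hunk of the same commit, which is good; if LICENSE is later widened to a 2009-2010 range (the previous LICENSE notice was dated 2009), change this line in the same commit so the two notices do not drift apart.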

0 comments on commit 67c40ce
