Commit Graph

7 Commits

Author SHA1 Message Date
Nex f011fd19e8 More explicit copyright and licensing notes 2021-08-01 21:11:08 +02:00
Nex be24680046 Enforcing double quotes 2021-08-01 19:50:04 +02:00
Daniel Kahn Gillmor b2afce5c79 Avoid breakage with paths with unusual names
If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).

It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in Python.  This one
looks relatively straightforward (but note, I have not tested it,
sorry!)

Note that if a name has a `"` character in it, we still fail, for
safety reasons.

In particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:

```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
2021-08-01 11:35:38 -04:00
Nex c966eea7e6 Sorted imports 2021-07-30 11:40:09 +02:00
Nex 60a2dbb860 Added module to parse WebKit ResourceLoadStatistics observations.db (ref: #133) 2021-07-29 13:46:58 +02:00
Nex 7fffef77ce Automatically recover malformed sqlite3 databases (closes: #25 #37) 2021-07-25 11:47:05 +02:00
Nex 065a62cee1 First commit 2021-07-16 08:05:01 +02:00
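
The message of commit b2afce5c79 describes two separate parsers that a file name can confuse: the shell (when `shell=True` is used) and the sqlite3 CLI's own dot-command parser. The following is an added example, not the project's code; the function names and the use of `.clone` as the recovery command are assumptions made for illustration, and the hostile name is the one quoted in the commit message.

```python
import shlex
import subprocess

# Sample name quoted in the commit message above.
HOSTILE = 'foo.db"; .shell touch should-not-exist; .nullvalue "'


def legacy_shell_command(src, dst):
    """'Before' form: a single string that would be passed with shell=True."""
    return 'sqlite3 "{}" ".clone {}"'.format(src, dst)


def shell_tokens(command):
    """Tokenise roughly as a POSIX shell would, keeping ';' as its own token."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def build_clone_argv(src, dst):
    """'After' form: an explicit argument list, so no shell parses the names."""
    # The sqlite3 CLI still parses the dot-command text itself, so a double
    # quote in the embedded name would end the quoted argument early.
    # Fail closed instead of trying to escape it.
    if '"' in dst:
        raise ValueError("refusing path containing a double quote: %r" % dst)
    return ["sqlite3", src, '.clone "{}"'.format(dst)]


def recover(src, dst):
    """Run the clone without a shell; returns the sqlite3 exit status."""
    return subprocess.call(build_clone_argv(src, dst))


if __name__ == "__main__":
    # With the string form, the shell sees command separators in the name.
    print(shell_tokens(legacy_shell_command(HOSTILE, "out.db")))
    # With the list form, whitespace and ';' stay inside one argument.
    print(build_clone_argv("my db; x.db", "out.db"))
```

The list form removes the shell from the picture, while the quote check covers the second parser; neither measure replaces the other.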