如何清理 Erlang 输入?
我今天在玩 erlang shell,注意到我可以进行命令注入,如下所示:
io:get_chars("Cmd> ", 3).
Cmd> Dud List=[3,4,5]. io:get_line("I just took over your shell!").
有没有办法清理 get_chars 函数的输入,这样这是不可能的?
I was playing around with the erlang shell today and noticed that I could do command injections, something like the following:
io:get_chars("Cmd> ", 3).
Cmd> Dud List=[3,4,5]. io:get_line("I just took over your shell!").
Is there a way to sanitize the get_chars function's input so this isn't possible?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你并没有真正进行命令注入。
io:get_chars("Cmd> ", 3).只是完成它的工作:从输入流中读取 3 个字符。在这些之后输入的所有内容都由 erlang shell 处理,作为正常读取-评估-打印循环的一部分。
you aren't really doing command injections.
io:get_chars("Cmd> ", 3).simply does it's job: read 3 characters from the input stream.everything entered after these is processed by the erlang shell as part of the normal read-eval-print loop.