Commit 9209bce8, committed by RenWal
Do not invoke commands through shell. Fixes #82
Executing shell commands through mechanisms such as os.system() or subprocess.run(shell=True) with user-controllable input is prone to arbitrary shell command injection. In this particular case, a malicious actor controlling any input name, either in PDF or image form, can force ocrfeeder to execute shell commands embedded in the file name.

While a workaround for #20, mentioning problems opening files with special characters, was introduced in 5286120c, this was not applied to every subprocess invocation.

Furthermore, it is good practice to make use of the parameterization of arguments available in the subprocess package instead of relying on character escaping alone, avoiding shell invocation completely. This minimizes the attack surface.
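The difference the commit message describes, shown as an added example that is not code from ocrfeeder or from this commit: the same file name is passed to a child process through the shell, through the shell with escaping, and as a parameterized argument list. The file name, the child process that reports its arguments, and all function names are constructed for illustration, and `shlex.quote` stands in for the escaping workaround, whose actual form is not shown on this page.

```python
import json
import shlex
import subprocess
import sys

# Constructed input: a file name carrying a harmless command substitution.
SAMPLE_NAME = "scan $(echo INJECTED).pdf"

# Stand-in for an external tool (assumption, not an ocrfeeder dependency):
# a child Python process that reports the arguments it received as JSON.
TOOL = [sys.executable, "-c",
        "import sys, json; print(json.dumps(sys.argv[1:]))"]


def _received(proc):
    """Decode the argument list the child process says it was given."""
    return json.loads(proc.stdout)


def run_via_shell(name):
    """Pattern being removed: a command string interpreted by /bin/sh."""
    cmd = shlex.join(TOOL) + " " + name  # name spliced in unescaped
    return _received(subprocess.run(cmd, shell=True, capture_output=True,
                                    text=True, check=True))


def run_escaped(name):
    """Escaping alone: correct only if every call site remembers to quote."""
    cmd = shlex.join(TOOL) + " " + shlex.quote(name)
    return _received(subprocess.run(cmd, shell=True, capture_output=True,
                                    text=True, check=True))


def run_argv(name):
    """Parameterized arguments: no shell runs, the name is one argv entry."""
    return _received(subprocess.run(TOOL + [name], capture_output=True,
                                    text=True, check=True))


if __name__ == "__main__":
    for fn in (run_via_shell, run_escaped, run_argv):
        print(f"{fn.__name__:14} -> {fn(SAMPLE_NAME)}")
```
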