foobarfuzzbizz

Reputation: 58735

How can I sanitize Erlang input?

I was playing around with the Erlang shell today and noticed that I could do command injections, something like the following:

io:get_chars("Cmd> ", 3).
Cmd> Dud List=[3,4,5]. io:get_line("I just took over your shell!").

Is there a way to sanitize the get_chars function's input so this isn't possible?

Upvotes: 2

Views: 576

Answers (1)

Felix Lange

You aren't really doing command injections. io:get_chars("Cmd> ", 3). simply does its job: read 3 characters from the input stream. Everything entered after these is processed by the Erlang shell as part of the normal read-eval-print loop.

Upvotes: 5
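
An added example, not part of the question or the answer above: one way to keep leftover characters away from the shell is to read the whole line with io:get_line/1 and match it against a fixed set of commands, so the text is only ever treated as data. The module name, function names and the command list are hypothetical.

```erlang
%% Added example; cmd_prompt, read_cmd/0 and parse/1 are hypothetical names.
-module(cmd_prompt).
-export([read_cmd/0, parse/1]).

%% Read one complete line. Unlike io:get_chars("Cmd> ", 3), nothing from
%% that line is left in the input stream for the shell's
%% read-eval-print loop to process afterwards.
read_cmd() ->
    case io:get_line("Cmd> ") of
        eof             -> {error, eof};
        {error, Reason} -> {error, Reason};
        Line            -> parse(Line)
    end.

%% Treat the line as data: normalise it to a character list, trim it, and
%% accept only known commands. The text is never passed to erl_scan,
%% erl_parse or erl_eval.
parse(Line) ->
    case unicode:characters_to_list(Line) of
        Chars when is_list(Chars) ->
            match(string:trim(Chars));
        _ ->
            {error, bad_encoding}
    end.

%% Constructed allowlist of three-letter commands for illustration.
match("Dud") -> {ok, dud};
match("Add") -> {ok, add};
match(Other) -> {error, {unknown_command, Other}}.
```

With the line from the question as input, read_cmd/0 returns {error, {unknown_command, ...}} for the whole line, and the shell sees none of it.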
