mirror of
https://github.com/wailsapp/wails.git
synced 2026-03-15 07:05:50 +01:00
The handleInstallDependency endpoint was vulnerable to command injection attacks. User-provided commands were split and executed directly without validation, allowing attackers to run arbitrary commands.

Changes:
- Add whitelist of allowed commands (package managers only)
- Validate commands against whitelist before execution
- Handle privilege escalation commands (sudo/pkexec/doas) by also validating the elevated command
- Reject any command not in the whitelist with a clear error message

The whitelist includes common package managers across platforms:
- Linux: apt, dnf, pacman, zypper, emerge, eopkg, nix-env
- macOS: brew, port
- Windows: winget, choco, scoop

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

| Name |
|---|
| cmd/wails3 |
| examples |
| internal |
| pkg |
| scripts |
| tasks |
| test |
| test-assets |
| tests/window-visibility-test |
| wep |
| .gitignore |
| .prettierignore |
| .prettierrc.yml |
| ANDROID_ARCHITECTURE.md |
| build_ios.sh |
| fix-darwin-ios-constraints.sh |
| go.mod |
| go.sum |
| IOS_ARCHITECTURE.md |
| IOS_FEATURES_TODO.md |
| IOS_RUNTIME.md |
| old |
| README.md |
| release-notes.txt |
| release_notes.md |
| Taskfile.yaml |
| test-ios-compilation.go |
| test-new-ios-build.sh |
| TESTING.md |
| UNRELEASED_CHANGELOG.md |
| verify-ios-setup.sh |

v3 Alpha
Thanks for wanting to help out with testing/developing Wails v3! This guide will help you get started.
Getting Started
All the instructions for getting started are in the v3 documentation directory: mkdocs-website.
Please read the README.md file in that directory for more information.