I find myself needing access to commandline-tools in the browser a lot.
I have the idea to write a plugin that pipes the content of a request through a command and responds with the output of stdout.
This has obviously huge implications on security. Has someone thought of something similar already?
Any ideas how to make sure this does not lead to unwanted commands being executed?
This has obviously huge implications on security. Has someone thought of something similar already?
Any ideas how to make sure this does not lead to unwanted commands being executed?
My approach would be to catalog all acceptable commands and map them through REST-like URLs. For example, https://example.com/run/ls?files%3D%2A.go This would give your server program a chance to sanitize input and avoid dangerous commands.