Skip to content

fix(security): remove dangerous eval() usage in compare function#6

Open
BrandSnob wants to merge 1 commit into
alireza-ab:masterfrom
BrandSnob:fix/eval_usage
Open

fix(security): remove dangerous eval() usage in compare function#6
BrandSnob wants to merge 1 commit into
alireza-ab:masterfrom
BrandSnob:fix/eval_usage

Conversation

@BrandSnob

Copy link
Copy Markdown

Refactored the compare function to use a safe switch statement instead of eval() for date comparisons. This eliminates a potential Code Injection/Remote Code Execution (RCE) vulnerability where a manipulated operator argument could execute arbitrary code.

I always support being lazy but also I always avoid using eval as much as possible

fixes #5

Refactored the `compare` function to use a safe `switch` statement instead of `eval()` for date comparisons. This eliminates a potential Code Injection/Remote Code Execution (RCE) vulnerability where a manipulated `operator` argument could execute arbitrary code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

خطا در زمان بیلد در داخل داکر

1 participant