You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not sure if we can trust the conversation / user ids provided by the google assistant sdk to be sanitized. We're passing this (and user input) to command line utilities via node's spawn function.
I'm not sure if we can trust the conversation / user ids provided by the google assistant sdk to be sanitized. We're passing this (and user input) to command line utilities via node's spawn function.
According to this, I think we're fine: https://blog.liftsecurity.io/2014/08/19/Avoid-Command-Injection-Node.js/
Probably still worth a look. "Security through obscurity" only works for so long.
The text was updated successfully, but these errors were encountered: