From 321b024daee08992495a80e2f998a5913c5b0a49 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 25 Jun 2011 19:06:55 +0200 Subject: Add a binding to shred. Rudimentary protection against shell injection. --- lib/mat.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'lib/mat.py') diff --git a/lib/mat.py b/lib/mat.py index 156c683..732dc25 100644 --- a/lib/mat.py +++ b/lib/mat.py @@ -31,20 +31,17 @@ def is_secure(filename): ''' Prevent shell injection ''' - if not(os.path.isfile(name)): #check if the file exist + + if not(os.path.isfile(filename)): #check if the file exist print("Error: %s is not a valid file" % name) sys.exit(1) - filename.strip('\s') #separations - filename.strip('`') #injection `rm / -Rf` - filename.strip('\$(.*)')#injection $(rm / -Rf) - filename.strip(';')#injection $filename;rm / -Rf def create_class_file(name, backup): ''' return a $FILETYPEStripper() class, corresponding to the filetype of the given file ''' - #is_secure(name) + is_secure(name) filename = "" realname = name -- cgit v1.3
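Review bot: In `is_secure`, the error path still formats its message with `name`, which is not a parameter of this function now that the check uses `filename`, so a missing file would probably raise NameError instead of printing the error (unless a module-level `name` exists outside the hunk); it should read `print("Error: %s is not a valid file" % filename)`. With the `strip` calls gone (they had no effect anyway, because their return values were discarded), the function only verifies that the path is an existing regular file, and a file whose name contains backticks, `$(...)` or `;` still passes. The docstring "Prevent shell injection" therefore overstates what it does; `'''Exit unless filename is an existing regular file (no shell-metacharacter sanitising)'''` would be accurate. The shred binding named in the subject is not in this hunk, and `create_class_file` continues past its end, so how the name reaches a command line cannot be seen here. If it is spawned through a shell string, the protection belongs at that call, by passing the name as a list element such as `subprocess.call(['shred', '--', filename])`.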