author: Craig Jennings <c@cjennings.net> 2025-11-13 13:42:40 -0600
committer: Craig Jennings <c@cjennings.net> 2025-11-13 13:42:40 -0600
commit: cc5cb037e923174684bd2cf7aa8b185283679a29 (patch)
tree: 65b3d63bc6760b33295e2d0fe227d046bc4503e0 /test-from-git
parent: 97c61735ae1b2c787bef9fb70bdf7e7d53f72d99 (diff)
Security: Replace unsafe read() calls with safer alternatives
Replaced unsafe use of the read() function on user-controlled property values to prevent an arbitrary code execution vulnerability.

Changes:
- Lines 1353, 1406: Changed read() to string-to-number() for DRILL_CARD_WEIGHT
- Line 2838: Changed read() to string-to-number() for DRILL_LAST_INTERVAL
- Line 1068: Created org-drill--safe-read-learn-data() helper function that:
  * Uses read-from-string instead of read
  * Validates input is a list with at least 3 numeric elements
  * Returns nil on invalid/malicious input with error handling
  * Falls back to safe defaults if LEARN_DATA is corrupted

Impact: Prevents arbitrary code execution if an attacker controls org-mode properties through shared files or malicious imports.

Fixes severity A security bug in todo.org
Diffstat (limited to 'test-from-git')
0 files changed, 0 insertions, 0 deletions
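The validating helper and the numeric-property parsing that the commit message describes, written out as an added illustration; this is not org-drill's own code. The helper name org-drill--safe-read-learn-data comes from the commit message, while the function bodies, the my-drill--* names and the default values are assumptions.

```elisp
;; Added illustration of the approach described in the commit message;
;; not the project's own code.  Names prefixed my-drill-- and the default
;; values below are assumptions.
(require 'cl-lib)

(defun org-drill--safe-read-learn-data (value)
  "Parse VALUE, a LEARN_DATA property string, into a list of numbers.
Use the reader only (no evaluation) and return nil unless the result is a
proper list of at least three numbers."
  (when (and (stringp value) (> (length value) 0))
    (condition-case nil
        (let ((data (car (read-from-string value))))
          ;; `length' signals on a dotted pair such as (1 . 2); the
          ;; condition-case turns that, and any reader error, into nil.
          (and (listp data)
               (>= (length data) 3)
               (cl-every #'numberp data)
               data))
      (error nil))))

(defconst my-drill--default-learn-data '(1.0 2.5 0)
  "Constructed placeholder defaults used when LEARN_DATA is unusable.")

(defun my-drill--learn-data-or-default (value)
  "Return parsed LEARN_DATA from VALUE, or the safe defaults."
  (or (org-drill--safe-read-learn-data value)
      my-drill--default-learn-data))

;; For scalar properties such as DRILL_CARD_WEIGHT, `string-to-number'
;; never errors but silently yields 0 for junk input, so check the
;; string's shape first when 0 would be a surprising value.
(defun my-drill--property-number (value)
  "Return VALUE as a number when it is a plain decimal literal, else nil."
  (when (and (stringp value)
             (string-match-p "\\`[+-]?[0-9]+\\(\\.[0-9]+\\)?\\'" value))
    (string-to-number value)))

;; Constructed sample inputs:
;; (org-drill--safe-read-learn-data "(2.5 3 1)")      ; => (2.5 3 1)
;; (org-drill--safe-read-learn-data "(2.5 foo)")      ; => nil
;; (org-drill--safe-read-learn-data "(1 . 2)")        ; => nil
;; (my-drill--learn-data-or-default "garbage((")      ; => (1.0 2.5 0)
;; (my-drill--property-number "abc")                  ; => nil
```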