zlacker

[parent] [thread] 3 comments
1. xigoi+(OP)[view] [source] 2024-08-25 09:31:40
The very first example on that page is vulnerable to injection.
replies(1): >>richbe+JE
2. richbe+JE[view] [source] 2024-08-25 16:11:39
>>xigoi+(OP)
Which one?
replies(1): >>xigoi+TG
◧◩
3. xigoi+TG[view] [source] [discussion] 2024-08-25 16:24:17
>>richbe+JE 

  #!/bin/bash 
  function csv_to_parquet() {     
      file_path="$1"     
      duckdb -c "COPY (SELECT * FROM read_csv_auto('$file_path')) TO '${file_path%.*}.parquet' (FORMAT PARQUET);" }
replies(1): >>richbe+4W1
◧◩◪
4. richbe+4W1[view] [source] [discussion] 2024-08-26 01:59:46
>>xigoi+TG
Eh, in the context of the site and other snippets that seems pedantic.

Could it be run on untrusted user input? Sure. Does it actually pose a threat? It's improbable.

[go to top]