fix: 解决命令注入waf被绕过的问题 (#4268)

8 months ago · 1ff5bf85e9
1 changed files with 1 additions and 1 deletions
--- a/backend/utils/cmd/cmd.go
+++ b/backend/utils/cmd/cmd.go
@ -178,7 +178,7 @@ func CheckIllegal(args ...string) bool {
 		if strings.Contains(arg, "&") || strings.Contains(arg, "|") || strings.Contains(arg, ";") ||
 			strings.Contains(arg, "$") || strings.Contains(arg, "'") || strings.Contains(arg, "`") ||
 			strings.Contains(arg, "(") || strings.Contains(arg, ")") || strings.Contains(arg, "\"") ||
-			strings.Contains(arg, "\n") || strings.Contains(arg, "\r") {
+			strings.Contains(arg, "\n") || strings.Contains(arg, "\r") || strings.Contains(arg, ">") {
 			return true
 		}
 	}