I'm building a program that needs access to the elm compiler, which may be installed via npm. In such cases, it seems the only way to execute it on Windows is via `Command::new("cmd").arg("/C").arg("elm")`. The thing is, users of my test runner can pass the path to their executable as an argument if needed. Concretely, this is the current code, which works on Linux/Mac and Windows for actual executables (not cmd shells):
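```rust
use std::process::Command;

// Resolve the user-supplied value to a canonical path to an executable.
let executable = which::CanonicalPath::new(compiler)?;
Command::new(executable)
    .arg("make")
    .current_dir(current_dir)
    .status()
```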
`compiler` comes from a CLI `--compiler` argument, so it may contain anything that the user gives. I'm no security expert, but usually we should never trust user inputs for things that get passed to an evaluation mechanism. So if I add a special case for Windows doing something like
```rust
Command::new("cmd")
    .arg("/C")
    .arg(compiler)
    .args(some_args)
    .status()
```
when the executable is not found, am I exposed to security threats? Is there documentation somewhere on how to handle that safely? Or am I being over-cautious for nothing?
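Added example, not part of the original post or of any project's code: one way to avoid handing the raw `--compiler` string to `cmd /C` is to resolve it to an existing file first and execute that path. The helper `resolve_compiler`, the `CMD_META` list and the `.exe`/`.cmd` extension set are assumptions of this example, which uses only the standard library in place of the `which` crate.

```rust
use std::path::{Path, PathBuf};
use std::process::Command;

// Characters cmd.exe treats specially. Values containing one are refused
// outright rather than escaped (this list is an assumption of the example).
const CMD_META: &[char] = &['&', '|', '<', '>', '^', '%', '"', '(', ')', '!', '\r', '\n'];

/// Resolve a user-supplied `--compiler` value to an existing file, trying each
/// extension in `exts` before the bare name (similar to a PATHEXT lookup).
/// Returns None when nothing matches, so the raw string never reaches a shell.
pub fn resolve_compiler(value: &str, dirs: &[PathBuf], exts: &[&str]) -> Option<PathBuf> {
    if value.is_empty() || value.contains(CMD_META) {
        return None;
    }
    let given = Path::new(value);
    // A value with a directory part is taken as a path; a bare name is searched in `dirs`.
    let bases: Vec<PathBuf> = if given.components().count() > 1 {
        vec![given.to_path_buf()]
    } else {
        dirs.iter().map(|d| d.join(given)).collect()
    };
    for base in bases {
        for ext in exts.iter().copied().chain(std::iter::once("")) {
            let mut name = base.clone().into_os_string();
            name.push(ext);
            let candidate = PathBuf::from(name);
            if candidate.is_file() {
                return Some(candidate);
            }
        }
    }
    None
}

fn main() {
    let path = std::env::var_os("PATH").unwrap_or_default();
    let dirs: Vec<PathBuf> = std::env::split_paths(&path).collect();
    // Extension set is an assumption: npm-installed tools are expected as `.cmd` files.
    let exts: &[&str] = if cfg!(windows) { &[".exe", ".cmd"] } else { &[] };
    match resolve_compiler("elm", &dirs, exts) {
        // The resolved path is executed directly; no `cmd /C <user string>` is built.
        Some(exe) => println!("{:?}", Command::new(&exe).arg("make").status()),
        None => eprintln!("compiler not found or value rejected"),
    }
}
```

Refusing `(` and `)` also refuses paths under directories such as `Program Files (x86)`, so the character list may need adjusting for a real tool.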