Exec is currently used liberally throughout pegit for querying git, much of which includes unsanitised user input. In pegit's case this should always be safe in practice, since its only consumer is a CLI user who will have the same privileges as any command run internally, and pegit does not expose an API.
However, more generally this is considered to be dangerous and is a source of arbitrary command execution. Even though it's not an actual security issue for pegit, it's good to follow this best practice to not encourage dangerous use of exec; also, sometimes things are used in unintended ways.
I will address this issue once I've found a satisfying solution for improving git interface performance (if it's still relevant).
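An added example, not part of the original issue and not pegit's code: one way to query git without passing user input through a shell. It assumes a Node.js code base where "exec" means `child_process.exec` (the issue does not say so), and the names `validateRef`, `revParseArgs` and `gitRevParse` are hypothetical.

```javascript
// Added example; function names and sample inputs are hypothetical, not from pegit.
const { execFileSync } = require("node:child_process");

// Pattern the issue warns about: user input interpolated into a shell string,
//   exec(`git rev-parse ${userRef}`)
// where the shell, not git, gets to interpret ; | & $() and backticks in userRef.

// Conservative allow-list for ref names (assumption: deliberately stricter than
// git's own ref-name rules). The first character may not be "-".
const REF_RE = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

function validateRef(ref) {
  if (typeof ref !== "string" || ref.length === 0 || ref.length > 255) {
    throw new TypeError("ref must be a non-empty string of at most 255 chars");
  }
  // Rejects option injection (leading "-"), whitespace, shell metacharacters
  // and ".." range syntax.
  if (!REF_RE.test(ref) || ref.includes("..")) {
    throw new RangeError(`refusing suspicious ref: ${JSON.stringify(ref)}`);
  }
  return ref;
}

// Build the argument vector. Each array element reaches git as exactly one
// argv entry, so nothing in userRef can start a second command.
function revParseArgs(userRef) {
  return [
    "rev-parse",
    "--verify",
    "--end-of-options", // supported by recent git versions: later args are never options
    `${validateRef(userRef)}^{commit}`,
  ];
}

// execFileSync spawns git directly with the argv above; no shell is involved.
function gitRevParse(userRef, cwd = process.cwd()) {
  return execFileSync("git", revParseArgs(userRef), {
    cwd,
    encoding: "utf8",
  }).trim();
}
```

Validation and the argument vector cover different failures: the array form removes shell interpretation, while the allow-list and `--end-of-options` stop input from being read as a git option.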