Update and rename greeter.py to burner.py #2
This pull request introduces a high-severity command injection vulnerability: the script reads sys.argv[1] and interpolates it directly into an os.system call (python-command-injection/burner.py, lines 7–10) without validation or sanitization, allowing an attacker to execute arbitrary shell commands via metacharacters. Please validate or sanitize inputs, avoid using os.system with user data (use subprocess.run with a list or proper escaping), or implement strict input validation before merging.
🟠 Command Injection in
| Vulnerability | Command Injection |
|---|---|
| Description | The script takes the first command-line argument directly from sys.argv[1] and passes it into an os.system call via an f-string without any sanitization or validation. An attacker can inject arbitrary shell commands by including shell metacharacters in the filename argument, such as `;`, `&&`, or `` ` ``. |
security-project/python-command-injection/burner.py
Lines 7 to 10 in f90a38a
Comment to provide feedback on these findings.
Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]
Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing
All finding details can be found in the DryRun Security Dashboard.
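The following is an added example, not the burner.py from this PR and not code from the DryRun finding above. It reconstructs the pattern the finding and the table describe (a filename from sys.argv[1] interpolated into an os.system string) as a hypothetical `build_unsafe_command`/`run_unsafe` pair, and puts the two mitigations the comment asks for beside it: allow-list validation (`is_safe_filename`) and an argv list passed to `subprocess.run` (`build_safe_command`, `echo_arg`), plus `shlex.quote` for the case where a shell string cannot be avoided. All function names and the `cat` command are assumptions; the sample payload is constructed.

```python
"""Added example: os.system string interpolation next to a hardened form.
Nothing here is the PR's own code; names and the `cat` command are assumed."""
import os
import re
import shlex
import subprocess
import sys


def build_unsafe_command(filename: str) -> str:
    # Hypothetical reconstruction of the vulnerable pattern: the argument is
    # spliced into a shell command string. Returned, not executed, so the
    # injected text can be inspected without running anything.
    return f"cat {filename}"


def run_unsafe(filename: str) -> int:
    # Equivalent of the os.system call the finding describes: the whole string
    # goes through /bin/sh, so ';', '&&' and backticks are interpreted.
    return os.system(build_unsafe_command(filename))


# Allow-list: a bare file name, no path separators, no shell metacharacters.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")


def is_safe_filename(filename: str) -> bool:
    return bool(_SAFE_NAME.fullmatch(filename)) and filename not in (".", "..")


def build_safe_command(filename: str) -> list:
    # Validate first, then build an argv list. subprocess.run with a list
    # never invokes a shell, so metacharacters are passed literally.
    if not is_safe_filename(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return ["cat", "--", filename]


def echo_arg(arg: str) -> str:
    # Demonstrates the list form: a child Python process prints its argv[1],
    # which arrives unchanged even when it is full of shell metacharacters.
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", arg],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.rstrip("\n")


def quote_for_shell(arg: str) -> str:
    # Fallback when a shell command string is unavoidable: shlex.quote turns
    # the argument into a single literal word for POSIX sh.
    return shlex.quote(arg)


if __name__ == "__main__":
    payload = "notes.txt; id"  # constructed sample input
    print("unsafe command string:", build_unsafe_command(payload))
    print("allow-list accepts payload:", is_safe_filename(payload))
    print("child saw argv[1] =", echo_arg(payload))
    print("quoted for sh:", quote_for_shell(payload))
```

The allow-list is deliberately strict (no `/`, no spaces); for a tool that must accept paths, validate against a resolved base directory instead of loosening the regex, and keep the argv-list call so that validation is not the only layer.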
No description provided.