Great post Peter. Very clear and easy to follow. In terms of sanitising the user input — would it be enough to throw some quotes around the user input when passing it to exec?
For instance, the ‘ls’ command handles ‘ls "dir_name"’ the same as ‘ls dir_name’, but the quotes around "dir_name" will prevent the effects of nasty user input.
For example, if the user typed something like ‘cli-app -al "; rm -rf /"’, the list function in your code could avoid the potentially nasty outcome of this input by wrapping the user input in quotes. The result would be the following command sent to exec: ‘ls -al "; rm -rf /"’ which will just cause the ‘ls’ command to throw a ‘No such file or directory’ error, rather than executing the bad input.
I could be wrong but this is just a passing notion. Please point out if there is something I’m not aware of.
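
Added example (not part of the comment above or of the original post): a Node.js check of the quoting idea against three constructed inputs, next to `execFile`-style invocation with an argument array. It assumes the post's `exec` is Node's `child_process.exec`, a POSIX `/bin/sh`, and uses `printf` as a harmless stand-in for `ls`; the function names and sample inputs are made up for illustration.

```javascript
const { execSync, execFileSync } = require('child_process');

// `printf '[%s]'` stands in for `ls`: it prints each argument it receives
// in brackets, so the output shows what the program was actually handed.

// The idea from the comment: wrap the input in double quotes and pass the
// resulting string to a shell (execSync, like exec, runs it via /bin/sh).
function viaQuotedShell(userInput) {
  return execSync(`printf '[%s]' "${userInput}"`, { encoding: 'utf8' });
}

// No shell involved: the input is one argv element, never parsed as syntax.
function viaExecFile(userInput) {
  return execFileSync('printf', ['[%s]', userInput], { encoding: 'utf8' });
}

// Constructed inputs; `echo INJECTED` is an inert marker meaning
// "a second command ran".
const SAMPLES = [
  '; echo INJECTED',      // the case from the comment: quotes hold
  '$(echo INJECTED)',     // command substitution is expanded inside "..."
  'x"; echo INJECTED #',  // a literal " closes the quotes the wrapper added
];

// Run every sample through both call styles and collect the outputs.
function compare() {
  return SAMPLES.map((input) => ({
    input,
    quotedShell: viaQuotedShell(input),
    execFile: viaExecFile(input),
  }));
}

for (const row of compare()) {
  console.log(JSON.stringify(row));
}
```

With the real `ls`, the argument-array form would be `execFile('ls', ['-al', '--', dir])`; the `--` keeps a value that starts with `-` from being read as an option.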