Unquoted xargs pipeline in driver error path #80
Description
Severity: HIGH
Location
ralph/ralph_loop.sh:191
Description
The error message for a missing driver uses xargs without -0, susceptible to filename-based injection. Combined with the RALPH_DIR override, crafted filenames could inject content into the pipeline.
Suggested fix
Replace with a safe glob loop using basename directly.