author | Ævar Arnfjörð Bjarmason <avarab@gmail.com> | 2020-09-21 12:40:00 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2020-09-21 12:37:38 -0700 |
commit | 9a8606465e81a04d58c20324c402ba3464bc706a (patch) | |
tree | 7a4aa1b4c4da0c6bf3a57486fff2fe035b845149 /fetch-negotiator.c | |
parent | remote-mediawiki: annotate unquoted uses of run_git() (diff) | |
download | tgif-9a8606465e81a04d58c20324c402ba3464bc706a.tar.xz |
remote-mediawiki: use "sh" to eliminate unquoted commands

Remove the use of run_git_unquoted() completely with a use of "sh -c"
suggested by Jeff King, i.e.:

    sh -c '"$@" 2>/dev/null' -- echo sneaky 'argument;id'

I don't think this is needed now for any potential RCE issue. The
$remotename argument is ultimately picked by the local user (and
similarly, the $local variable comes from a user-supplied
refspec).

But completely eliminating the use of unquoted shell arguments has a
value in and of itself, by making the code easier to review. As noted
in an earlier commit I think the use of IPC::Open3 would be too
verbose here, but this "sh -c" trick strikes the right balance between
readability and semantic sanity.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'fetch-negotiator.c')
0 files changed, 0 insertions, 0 deletions
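
The `sh -c '"$@" 2>/dev/null' --` idiom from the commit message, set beside string interpolation, as an added example that is not part of the commit or of the project's code. The function names `run_interpolated` and `run_quoted` are hypothetical, and the sample argument is constructed (it uses `echo INJECTED` as a harmless marker).

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the project.

# Pattern being eliminated: the arguments are pasted into one string that
# sh parses again, so metacharacters inside an argument become shell syntax.
run_interpolated() {
    sh -c "$* 2>/dev/null"
}

# Pattern from the commit message: the script text is the constant
# '"$@" 2>/dev/null'. "--" fills $0, and every argument after it arrives
# as its own positional parameter and is never re-parsed as shell code.
run_quoted() {
    sh -c '"$@" 2>/dev/null' -- "$@"
}

# Constructed sample value containing a command separator.
sample='argument;echo INJECTED'

# Interpolated: sh sees two commands and prints two lines.
printf 'interpolated:\n%s\n' "$(run_interpolated echo sneaky "$sample")"

# Quoted: echo receives the value as a single literal argument.
printf 'quoted:\n%s\n' "$(run_quoted echo sneaky "$sample")"
```

Both forms silence stderr and pass the exit status of the wrapped command through; only the second keeps argument boundaries intact.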