Hello,

When grep prints filenames (such as in grep -r), it does not seem to
check for ANSI escape sequences.

Reproduce:
```
# Create a file whose name embeds SGR escape sequences, then search for it.
filename=$(printf "\033[33;1;4myello_underline\033[0m")
echo hi > "$filename"
grep -r "hi" .
```

If you squint, this could be seen as a security risk, but I think it's
probably not. An attacker could hide logs when searched with grep if
they could create files with arbitrary names in a directory a user
might search. There's also the issue of bad terminals that allow
command execution from escape sequences. I'll let you decide if it
should get a CVE/marked as a security issue or not.

I did not see any prior bug reports of this; hopefully this isn't
something you already know about.

Cheers,
Skyler
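
For anyone who has to search untrusted directories in the meantime, here is a defensive wrapper, added as an example and not part of the original report or of grep itself. The helper names `strip_ctrl`, `safe_grep` and `list_ctrl_names` are hypothetical, and the sample file is constructed to mirror the reproducer above.

```shell
#!/bin/sh
# Added example: keep raw terminal control bytes out of recursive grep output.
# strip_ctrl, safe_grep and list_ctrl_names are hypothetical helper names.

# Replace C0 control bytes (except tab and newline) and DEL with '?', so an
# ESC (0x1b) in a filename or in a matched line never reaches the terminal.
strip_ctrl() {
    LC_ALL=C tr '\000-\010\013-\037\177' '?'
}

# Recursive grep with its output passed through strip_ctrl.
# Usage: safe_grep PATTERN DIR
# Note: the exit status is that of tr, not of grep.
safe_grep() {
    grep -r -- "$1" "$2" | strip_ctrl
}

# Audit helper: list paths under DIR whose last component contains a control
# character, one per line, with every control byte shown as '?'.
# Usage: list_ctrl_names DIR
list_ctrl_names() {
    LC_ALL=C find "$1" -name '*[[:cntrl:]]*' -exec sh -c '
        for f do
            printf "%s" "$f" | tr "\000-\037\177" "?"
            printf "\n"
        done' sh {} +
}

# Constructed demo: same file name as the reproducer, in a scratch directory.
# Run it by calling: demo
demo() {
    d=$(mktemp -d) || return 1
    name=$(printf '\033[33;1;4myello_underline\033[0m')
    echo hi > "$d/$name"
    safe_grep hi "$d"        # .../?[33;1;4myello_underline?[0m:hi
    list_ctrl_names "$d"     # .../?[33;1;4myello_underline?[0m
    rm -rf "$d"
}
```

Because the filter runs on the whole output stream, it also neutralizes escape sequences that appear inside matched lines, not only in file names.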


