Re: [PATCH 4/7] completion: add tests for invalid variable name among completion words

2012-11-18 Thread Felipe Contreras
On Sun, Nov 18, 2012 at 12:40 AM, Jonathan Nieder wrote:
> SZEDER Gábor wrote:
>
>>  The breakage can
>> be simply bogus possible completion words, but it can also be a
>> failure:
>>
>>   $ git branch '${foo.bar}'
>>   $ git checkout <TAB>
>>   bash: ${foo.bar}: bad substitution
>
> Or arbitrary code execution:
>
> $ git branch '$(>kilroy-was-here)'
> $ git checkout <TAB>
> $ ls -l kilroy-was-here
> -rw-rw-r-- 1 jrn jrn 0 nov 17 15:40 kilroy-was-here
>
> The final version of this patch should go to maint.  Thanks for
> catching it.

Shouldn't this go to the commit message?

-- 
Felipe Contreras
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 4/7] completion: add tests for invalid variable name among completion words

2012-11-18 Thread Felipe Contreras
On Sat, Nov 17, 2012 at 12:05 PM, SZEDER Gábor wrote:

> @@ -155,6 +156,12 @@ test_expect_success '__gitcomp - suffix' '
> test_cmp expected out
>  '
>
> +test_expect_failure '__gitcomp - doesnt fail because of invalid variable 
> name' '
> +   (
> +   __gitcomp "$invalid_variable_name"
> +   )
> +'
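
Review bot: the new test body, `__gitcomp "$invalid_variable_name"`, checks only the exit status, so once it is flipped to test_expect_success it would still pass if the word were expanded or silently dropped from the completion list. Consider capturing the resulting completion words and comparing them against the literal input with `test_cmp expected out`, as the preceding '__gitcomp - suffix' test does. The value of `$invalid_variable_name` is set outside this hunk; a short comment next to the test saying what shape of word it holds would make the intent clear to later readers.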

Why in a subshell?

-- 
Felipe Contreras


Re: [PATCH 4/7] completion: add tests for invalid variable name among completion words

2012-11-17 Thread Jonathan Nieder
SZEDER Gábor wrote:

>  The breakage can
> be simply bogus possible completion words, but it can also be a
> failure:
>
>   $ git branch '${foo.bar}'
>   $ git checkout <TAB>
>   bash: ${foo.bar}: bad substitution

Or arbitrary code execution:

$ git branch '$(>kilroy-was-here)'
$ git checkout <TAB>
$ ls -l kilroy-was-here
-rw-rw-r-- 1 jrn jrn 0 nov 17 15:40 kilroy-was-here

The final version of this patch should go to maint.  Thanks for
catching it.
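
The messages above show a ref name being expanded by the shell during completion. As an added example (not code from this thread or from git's completion script), the sketch below contrasts handing candidates to bash's `compgen -W`, which expands each word of its word list, with a filter that treats every candidate as literal data. The function names, the newline-separated input format and the sample ref names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prefix-filter completion candidates without ever letting
# the shell expand them.

# UNSAFE, shown for contrast (bash only, never called here): compgen -W
# expands every word of its word list, so a candidate containing $(...)
# or ${...} is evaluated instead of being offered as a completion.
complete_with_compgen() {   # $1 = newline-separated candidates, $2 = typed prefix
    compgen -W "$1" -- "$2"
}

# SAFE: each candidate is opaque data. The quoted "$cur" in the case
# pattern is matched literally, and no word reaches eval or compgen.
complete_literal() {        # $1 = newline-separated candidates, $2 = typed prefix
    cur=$2
    printf '%s\n' "$1" | while IFS= read -r word; do
        [ -n "$word" ] || continue
        case "$word" in
        "$cur"*) printf '%s\n' "$word" ;;
        esac
    done
}

# Constructed sample ref names, including the two shapes from the thread.
sample_refs='master
maint
${foo.bar}
$(>marker-file)'

# Ordinary prefix: prints master and maint.
complete_literal "$sample_refs" 'ma'
# Prefix "$": prints both odd names verbatim; no file is created and
# no "bad substitution" error is raised.
complete_literal "$sample_refs" '$'
```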