CocoaPods / cocoapods-downloader

A small library that provides downloaders for various source types (HTTP/SVN/Git/Mercurial)
MIT License

Adds a check for command injections in the input for hg and git #124

Closed orta closed 2 years ago

orta commented 2 years ago

It's possible to engineer a string which would cause the hg or git command to run shell commands. This has been blocked up in trunk already (https://github.com/CocoaPods/trunk.cocoapods.org/pull/324), and this fixes it client-side.
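A sketch of the kind of client-side check described in the comment above, as an added example that is not part of the original thread and is not cocoapods-downloader's own code: it rejects option-like values before they reach `git` and builds an argv array instead of a shell string. The method names, the list of checked keys, the rejection rules and the sample values are assumptions made for illustration.

```ruby
# Added example; every name here is hypothetical, not the project's API.
class UnsafeSourceInput < StandardError; end

# Source options that end up as positional arguments to `git` or `hg`.
CHECKED_KEYS = %i[git hg branch tag commit revision].freeze

# Reject any value the VCS client could parse as an option, or that carries
# whitespace/control characters that could split into extra arguments.
# (Conservative assumption: legitimate URLs and refs contain neither.)
def validate_source!(options)
  CHECKED_KEYS.each do |key|
    next if options[key].nil?

    value = options[key].to_s
    if value.empty? || value.start_with?('-') || value.match?(/[\s\x00-\x1f]/)
      raise UnsafeSourceInput, "refusing #{key}: #{value.inspect}"
    end
  end
  options
end

# Build an argv array (never an interpolated shell string) and put `--`
# before the positional arguments so git stops option parsing there.
def git_clone_argv(options, target)
  validate_source!(options)
  argv = %w[git clone]
  ref = options[:branch] || options[:tag]
  argv += ['--branch', ref] if ref
  argv + ['--', options[:git], target]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = [
    { git: 'https://example.com/repo.git', tag: '1.0.0' },
    { git: '--some-option=value' },
    { git: 'https://example.com/repo.git', branch: 'main --some-option' }
  ]
  samples.each do |opts|
    begin
      puts "ok:       #{git_clone_argv(opts, 'dest').inspect}"
    rescue UnsafeSourceInput => e
      puts "rejected: #{e.message}"
    end
  end
end
```

Passing the resulting array to `system(*argv)` or `Open3.capture3(*argv)` keeps the values out of a shell entirely; the validation then guards against the remaining risk, a value being read by the VCS client as one of its own options.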

dnkoutso commented 2 years ago

Going to merge this and fix CI separately for Ruby 3.0.