Closed mbaraniak-exodus closed 7 months ago
Also, git add --force .
could be used to add ignored files (unless the ignored files are enforced by a git hook using git update-index --assume-unchanged <file>
), which can lead to the indexing (and potentially commit) of sensitive files.
Description: Several functions defined within
src/utils/git.ts
are not locking command line options:If the attacker ever gains control to invoke the functions listed above with malicious options, it could be possible to jump into interactive shell or perform file inclusion attack.
Steps to reproduce: The easiest way to test git additional command line options will be using your favourite shell:
git commit
could be leveraged to jump into interactive shell. Enable interactive editing with-e
command line option, and type!/bin/sh
git commit
additionally could leverage-F
option to perform local file include and leak file content in the commit message:Some extra information could be found here: https://gtfobins.github.io/gtfobins/git/
Remediation: One potential but not ideal solution would be checking if the first character in each supplied string is not equal to
-
plus validating if string is[a-zA-Z_\-0-9@/]+
Test note:
git commit ``-e
will also work, demonstrating that checking only the first character to be not-
is not sufficient.