mateodelnorte / meta

tool for turning many repos into a meta repo. why choose many repos or a monolithic repo, when you can have both with a meta repo?
MIT License
2.03k stars 95 forks

Command Injection in meta-git #262

Closed nguyenth closed 2 years ago

nguyenth commented 3 years ago

🤓 Question

Do we have a plan to resolve the advisory: https://github.com/advisories/GHSA-qcff-ffx3-m25c ?

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

patrickleet commented 3 years ago

Hm, running commands you give it is kinda the point. It is a tool for development. Happy to accept a PR to meta-git that sanitizes the input git url.

https://github.com/mateodelnorte/meta-git/blob/master/bin/meta-git-clone#L15-L21

patrickleet commented 3 years ago

oh wait, did I try to do this two years ago? did that not work?

I don't remember the context of this: https://github.com/mateodelnorte/meta-git/commit/affdd44225d79398b3f8d5eb6183089126bba8c6

EDIT: Toufik Airane authored, I only committed... maybe a squash?

patrickleet commented 3 years ago

https://github.com/mateodelnorte/meta-git/pull/56

patrickleet commented 3 years ago

Yea this is fixed - you can try the example from the report and see it just errors

meta-git clone 'sss||touch HACKED'
meta git cloning into 'ssstouch HACKED' at ssstouch HACKED

ssstouch HACKED:
fatal: Too many arguments.

and no HACKED file created

> ls -la | grep HACKED
patrickleet commented 3 years ago

the hackerone report it references also says "Resolved(Closed)"


patrickleet commented 3 years ago

looks like this can be updated in settings? @mateodelnorte

https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.