Closed nguyenth closed 2 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hm, running commands you give it is kinda the point. It is a tool for development. Happy to accept a PR to meta-git that sanitizes the input git url.
https://github.com/mateodelnorte/meta-git/blob/master/bin/meta-git-clone#L15-L21
oh wait, did I try to do this two years ago? did that not work?
I don't remember the context of this: https://github.com/mateodelnorte/meta-git/commit/affdd44225d79398b3f8d5eb6183089126bba8c6
EDIT: Toufik Airane authored, I only committed... maybe a squash?
Yea this is fixed - you can try the example from the report and see it just errors
meta-git clone 'sss||touch HACKED'meta git cloning into 'ssstouch HACKED' at ssstouch HACKED
ssstouch HACKED:
fatal: Too many arguments.
and no HACKED
file created
> ls -la | grep HACKED
the hackerone report it references also says "Resolved(Closed)"
looks like this can be updated in settings? @mateodelnorte
https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
🤓 Question
Do we have a plan for resolve the advisory: https://github.com/advisories/GHSA-qcff-ffx3-m25c