mathiasbynens / dotfiles

:wrench: .files, including ~/.macos — sensible hacker defaults for macOS
https://mths.be/dotfiles
MIT License

git prompt branch name code injection possibility? #431

Open joernhees opened 10 years ago

joernhees commented 10 years ago

after reading your git prompt code and comparing it to the official git-prompt.sh i'm not sure your code doesn't suffer from an injection vulnerability with a specially crafted ref name.

if you think that's not the case just close this issue

hkdobrev commented 10 years ago

@joernhees Thanks for this! I have contributed part of the Git prompt code in this repo. This is really a nice catch! I have requested to use the official Git prompt script before in this repo, but there was no support for my suggestion. I think the reason was the official script does too much and is less performant.

Again: +1 for using the official Git prompt.

hkdobrev commented 10 years ago

BTW it is worth noting the official Git prompt script does include a fair amount of $() code executions which accept output of git-log, git-rev-list, git-rev-parse, git-config and others.

joernhees commented 9 years ago

i'm not sure this came across right... i'm not 100 % sure there really is a vulnerability here, but i'm not 100 % sure there is none either. that's why i created this issue...

@hkdobrev i don't see any place in __git_ps1() where such output is really evaluated, rather i see places where the return value is used to set variables to things like "%" or "*". If you spot something, definitely report it upstream.

In general that would be the benefit of using upstream code... it's more likely that it gets fixed... but that's probably another issue than the intention of this "maybe you want to have a look"-issue...
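Added illustration, not part of the thread and not code from this repository or from git-prompt.sh: in bash, with the `promptvars` option (on by default), PS1 is expanded every time it is displayed, so a ref name pasted into the PS1 text is expanded again, while a ref name reached through a variable reference is not. The names `CRAFTED_REF`, `PS1_DEMO`, `prompt_branch` and all functions are hypothetical, and `expand_like_prompt` only approximates prompt expansion with `eval`.

```shell
#!/bin/sh
# Constructed ref name carrying a harmless marker command.
CRAFTED_REF='feature/$(echo INJECTED)'

# Stand-in for the promptvars pass over PS1: expand the string once as if it
# were double-quoted (parameter expansion and command substitution).
# Assumption: backslash escapes such as \w are not modelled here.
expand_like_prompt() {
    eval "printf '%s' \"$1\""
}

# Unsafe: the ref name becomes part of the prompt text itself, so whatever
# it contains is seen by the expansion pass.
build_ps1_unsafe() {
    PS1_DEMO="($1)"
}

# Safer: keep the ref in a variable and put only a reference to that variable
# in the prompt text. The value is substituted but never expanded again.
build_ps1_safe() {
    prompt_branch=$1
    PS1_DEMO='(${prompt_branch})'
}

# Check for characters that prompt expansion treats specially
# ($, backtick, backslash). Returns 0 when the name contains any of them.
ref_has_expansion_chars() {
    case $1 in
        *'$'*|*'`'*|*'\'*) return 0 ;;
        *) return 1 ;;
    esac
}

build_ps1_unsafe "$CRAFTED_REF"
printf 'unsafe: %s\n' "$(expand_like_prompt "$PS1_DEMO")"

build_ps1_safe "$CRAFTED_REF"
printf 'safe:   %s\n' "$(expand_like_prompt "$PS1_DEMO")"
```

When reviewing a prompt script, the thing to look for is whether command output ends up inside the PS1 string itself or only in a variable that PS1 references.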