This software engineer profile builder turns your code into a detailed list of skills for an online directory of software developers.
GNU Affero General Public License v3.0
Sanitise string interpolation for GIT command arguments #3
Open
rimutaka opened 3 years ago
There are a few places where the args are built from variable strings, which can be an attack vector. E.g. using a commit SHA1 or committer name.
E.g.
I'm not sure if this is a real threat, but better be safe. Asked the question here https://www.reddit.com/r/rust/comments/kr989u/are_processcommand_arguments_safe_from_code/
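An added example, not code from this repository or from the issue author: one way to build git arguments from a commit id and a committer name so that neither can be parsed as an extra option. `std::process::Command` passes each argument as its own argv element without a shell, so the remaining risk is a value that starts with `-`. The helper names, the choice of `git log`, and the sample values are assumptions made for illustration.

```rust
use std::process::Command;

/// True only for a hex object id: 7 to 40 chars (abbreviated or full SHA-1).
fn is_commit_id(s: &str) -> bool {
    (7..=40).contains(&s.len()) && s.bytes().all(|b| b.is_ascii_hexdigit())
}

/// Builds `git log` for one author starting at `sha` (hypothetical helper).
/// Nothing is spawned here; the caller decides when to run the command.
fn git_log_cmd(author: &str, sha: &str) -> Result<Command, String> {
    // A revision that is not plain hex could start with '-' and be parsed
    // by git as an option, so reject it before it reaches argv.
    if !is_commit_id(sha) {
        return Err(format!("not a commit id: {sha:?}"));
    }
    // An interior NUL cannot be represented in argv; fail early and clearly.
    if author.contains('\0') {
        return Err("author contains NUL".to_string());
    }
    let mut cmd = Command::new("git");
    cmd.arg("log").arg("--format=%H");
    // Glued to its option with '=', the name stays inside one argv element
    // and cannot become a separate flag. No shell is involved, so ';' and
    // '$' are literal bytes. git still treats the value as a search pattern.
    cmd.arg(format!("--author={author}"));
    // "--" ends the revision list, so nothing after it is read as a revision.
    cmd.arg(sha).arg("--");
    Ok(cmd)
}

/// Collects the argv (without the program name) for inspection.
fn args_of(cmd: &Command) -> Vec<String> {
    cmd.get_args().map(|a| a.to_string_lossy().into_owned()).collect()
}

fn main() {
    // Constructed sample values, not taken from the issue.
    let cmd = git_log_cmd("Ann; $HOME", "0123abcd").unwrap();
    println!("{:?}", args_of(&cmd));
    println!("{:?}", git_log_cmd("Ann", "--not-a-sha").err());
}
```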