topydo passes TODO texts as the `repl` argument of `re.sub` unchanged at topydo/lib/ListFormat.py:291.

If an issue contains a backslash, it is thus interpreted as an escape: an issue containing `foo \t bar` will output only `foo`.

This can also lead to crashing topydo: `foo \g<t> bar` will trigger a crash.

This, finally, also means that the TODO task can output whatever bytes it wants to the terminal without any check from topydo, thus potentially opening the way to exploiting a flaw in the terminal's escape code handling from untrusted todo.txt files (e.g. automatically generated from untrusted sources, like code). (The attack path here looks rather narrow to me, though):

- `foo \046 bar` outputs `foo & bar`
- `foo \033[5m bar` makes `bar` blink
- `\033[1A you didn't see this` erases the previous TODO on the list (in `topydo ls` output) and replaces it by “you didn't see this”
- etc.
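
The cases listed in the report, reproduced against a string `repl` and against a callable `repl`, as an added example that is not part of the original issue or topydo's own code. The `%s` placeholder, the template and all function names are assumptions made for illustration; the control-character step goes beyond the `re.sub` fix and covers raw escape bytes already present in a todo.txt file.

```python
import re

# Hypothetical placeholder syntax; topydo's real format strings are not shown on the page.
PLACEHOLDER = re.compile(r"%s")
CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")  # C0 controls (incl. ESC), DEL, C1


def fill_unsafe(template, todo_text):
    """String repl: re.sub processes backslash escapes and group references."""
    return PLACEHOLDER.sub(todo_text, template)


def fill_literal(template, todo_text):
    """Callable repl: the returned string is inserted as-is, no escape processing."""
    return PLACEHOLDER.sub(lambda _match: todo_text, template)


def show_controls(text):
    """Make control characters visible instead of sending them to the terminal."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def render(template, todo_text):
    """Literal substitution followed by control-character neutralisation."""
    return show_controls(fill_literal(template, todo_text))


if __name__ == "__main__":
    # Constructed sample task texts, taken from the cases in the report.
    for task in [r"foo \t bar", r"foo \046 bar", r"foo \033[5m bar", r"foo \g<t> bar"]:
        try:
            unsafe = repr(fill_unsafe("| %s |", task))
        except (re.error, IndexError) as exc:
            unsafe = "raised %s: %s" % (type(exc).__name__, exc)
        print("%-18r unsafe=%s safe=%r" % (task, unsafe, render("| %s |", task)))
```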