Fixed RCE in git grep.
A specific option in git grep could be added inside the pattern to be searched for, resulting in possible RCE. Thanks to Kacper Szurek (https://security.szurek.pl) for catching this one!
1 parent
464d4db
commit 87b8c26
Showing
2 changed files
with
31 additions
and
1 deletion.
| @@ -0,0 +1,28 @@ | ||
| <?php | ||
|
|
||
| use GitList\Git\Client; | ||
| use GitList\Git\Repository; | ||
| use PHPUnit\Framework\TestCase; | ||
| use Prophecy\Argument; | ||
|
|
||
| class RepositoryTest extends TestCase | ||
| { | ||
| public function testIsSanitizingSearchWithPager() | ||
| { | ||
| $client = $this->prophesize(Client::class); | ||
| $client->run(Argument::type(Repository::class), "grep -i --line-number -- '=sleep 5;' master")->shouldBeCalled(); | ||
|
|
||
| $repository = new Repository('/tmp', $client->reveal()); | ||
| $repository->searchTree('--open-files-in-pager=sleep 5;', 'master'); | ||
| $repository->searchTree('-O=sleep 5;', 'master'); | ||
| } | ||
|
|
||
| public function testIsSanitizingSearchWithAnyOption() | ||
| { | ||
| $client = $this->prophesize(Client::class); | ||
| $client->run(Argument::type(Repository::class), "grep -i --line-number -- 'foobar =bar;' foo")->shouldBeCalled(); | ||
|
|
||
| $repository = new Repository('/tmp', $client->reveal()); | ||
| $repository->searchTree('foobar --bar --foo=bar;', 'foo'); | ||
| } | ||
| } |
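Review bot: Both tests only exercise option-looking tokens in the pattern; neither asserts what the command looks like when the pattern itself contains a single quote, even though the `run()` expectation on each test wraps the pattern in single quotes. If Repository::searchTree quotes manually rather than via escapeshellarg() (Repository.php is not in this view, so this is inferred), a quote inside the pattern would close the argument regardless of the `--` separator, so a case such as `$repository->searchTree("foo'bar", 'master');` with an expectation for the escaped form would pin that behaviour. It is also worth confirming that git grep takes the token after `--` as the pattern, since its synopsis places `--` after the pattern and before pathspecs, and an expectation on the command string cannot detect a command that is well-formed but searches for the wrong thing; a small integration test against a fixture repository would cover that. Finally, testIsSanitizingSearchWithPager sets a single `shouldBeCalled()` expectation and then calls searchTree() twice; `shouldBeCalledTimes(2)` would make explicit that both spellings of the option reduce to the same command.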