Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Errors with filenames having backticks (i.e. backquotes) #395

Closed
mcgwiz opened this issue Oct 31, 2013 · 2 comments
Closed

Errors with filenames having backticks (i.e. backquotes) #395

mcgwiz opened this issue Oct 31, 2013 · 2 comments
Labels

Comments

@mcgwiz
Copy link

mcgwiz commented Oct 31, 2013

In many circles, it is conventional to use backticks in names of C# files containing generic classes. Accessing a file with a backtick in the name causes the following error to be displayed:

Oops! sh: 1: Syntax error: EOF in backquote substitution

Accessing a file with two backticks in the name, such as Source/filename`enclosed`.txt yields:

Oops! sh: 1: enclosed: not found fatal: Path 'Source/filename.txt' does not exist in 'master'

@hatRiot
Copy link

hatRiot commented Dec 17, 2013

Not only is this a bug, but a vulnerability in the application. It's quite clear that enclosed, in this case, is being evaluated by sh before passing the file name on. If a maintainer happens to merge a PR without paying attention to everything included, this could be used to open up a backdoor (i.e. Source/filename`nc -lv -p 8778`.txt).

@hannob
Copy link

hannob commented Dec 7, 2019

Just a note if others find this: This looks very concerning, but looks like it's been fixed, I can't reproduce this in the current version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants