In many circles, it is conventional to use backticks in names of C# files containing generic classes. Accessing a file with a backtick in the name causes the following error to be displayed:
Oops! sh: 1: Syntax error: EOF in backquote substitution
Accessing a file with two backticks in the name, such as Source/filename`enclosed`.txt yields:
Oops! sh: 1: enclosed: not found fatal: Path 'Source/filename.txt' does not exist in 'master'
The text was updated successfully, but these errors were encountered:
Not only is this a bug, but a vulnerability in the application. It's quite clear that enclosed, in this case, is being evaluated by sh before passing the file name on. If a maintainer happens to merge a PR without paying attention to everything included, this could be used to open up a backdoor (i.e. Source/filename`nc -lv -p 8778`.txt).
In many circles, it is conventional to use backticks in names of C# files containing generic classes. Accessing a file with a backtick in the name causes the following error to be displayed:
Accessing a file with two backticks in the name, such as
Source/filename`enclosed`.txtyields:The text was updated successfully, but these errors were encountered: