Doubledash hygiene for external commands #2613
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jan 25, 2014
also includes doubledash hygiene for any child commands following each sudo
rolandwalker
added a commit
that referenced
this pull request
Feb 4, 2014
Doubledash hygiene for external commands
rolandwalker
added a commit
to rolandwalker/homebrew-cask
that referenced
this pull request
Feb 4, 2014
For external commands which do not support the doubledash convention (Homebrew#2613), wrap file arguments in Pathname.new(file).realpath at the very last minute. This provides a guarantee against surprises caused by unusual filenames which might be misinterpreted as flags.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Many Unix utilities follow the convention of doubledash (
--) to segregatefilenames/branchnames/usernames, etc from flags. For example, if you wish
to delete a file named
-f, you can sayEverything to the right side of doubledash is read by
rmas a filename.Using doudbledash is best practice whenever calling Unix utilities
programatically. It does lower the attack surface for malicious inputs, but
the main benefit is avoiding unintended consequences from legitimate inputs.
In cases where a flag takes an argument, eg
tar -f <file>, there is noambiguity about
<file>, and doubledash or other tricks are not needed.For reference, here are various examples of command forms which
accept doubledash. This PR audits homebrew-cask for all of those listed,
though some of them may not have been present.
Other commands exist which do not support doubledash, for which a separate
PR will follow.
This is a followup to #2595, and is relevant to #2556, though it does not itself fix that bug.