realpath hygiene for external commands #2623

Merged
merged 1 commit into from
Feb 4, 2014

rolandwalker

For external commands which do not support the doubledash convention
(#2613), wrap file arguments in Pathname.new(file).realpath at the
very last minute. This provides a guarantee against surprises caused
by unusual filenames which might be misinterpreted as flags.

If you follow the current code, the arguments altered by this patch all
ought to be absolute paths already (though not all of them are instances
of Pathname). So, there is no functional change, only a safety rail
against future changes.

This patch covers the external commands hdiutil and unzip.
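The failsafe described in the pull request above, as an added Ruby example that is not code from the patch or from the project. The helper names (`realpath_arg`, `build_argv`, `looks_like_flag?`) and the sample filename are assumptions made for illustration; the argv is only constructed and inspected, never executed.

```ruby
require 'pathname'
require 'tmpdir'

# Hypothetical helper: resolve a file argument to an absolute, symlink-free
# path at the last moment before it is placed in argv.
# Pathname#realpath raises Errno::ENOENT when the file does not exist.
def realpath_arg(file)
  Pathname.new(file).realpath.to_s
end

# Hypothetical argv builder for a tool that does not accept "--".
def build_argv(tool, flags, file)
  [tool, *flags, realpath_arg(file)]
end

# True when an argv element could be parsed as an option by the external tool.
def looks_like_flag?(arg)
  arg.start_with?('-')
end

# Constructed demo: a file whose relative name begins with a dash.
def demo
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      unusual = '-verbose.dmg' # constructed sample filename
      File.write(unusual, '')
      naive    = ['hdiutil', 'attach', unusual]
      hardened = build_argv('hdiutil', ['attach'], unusual)
      missing  = begin
        realpath_arg('-does-not-exist')
      rescue Errno::ENOENT
        :enoent
      end
      {
        naive_flaglike:    looks_like_flag?(naive.last),
        hardened_flaglike: looks_like_flag?(hardened.last),
        hardened_absolute: Pathname.new(hardened.last).absolute?,
        same_file:         File.identical?(unusual, hardened.last),
        missing:           missing
      }
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because a resolved path always begins with `/`, it can never begin with `-`; a caller also has to decide how to handle the `Errno::ENOENT` raised for a path that does not exist.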

rolandwalker added a commit that referenced this pull request Feb 4, 2014
realpath hygiene for external commands
@rolandwalker rolandwalker merged commit 8fb4bdd into Homebrew:master Feb 4, 2014
@rolandwalker rolandwalker deleted the realpath_failsafes branch February 4, 2014 01:08
rolandwalker added a commit to rolandwalker/homebrew-cask that referenced this pull request Feb 11, 2014
As in Homebrew#2623. I didn't investigate whether AIR installer supports
the doubledash convention.
@Homebrew Homebrew locked and limited conversation to collaborators May 8, 2018