[snowpatch] [PATCH] utils: Make sanitise_path() sanitise harder
Russell Currey
ruscur at russell.cc
Fri Nov 9 15:56:16 AEDT 2018
On Wed, 2018-09-12 at 14:55 +1000, Andrew Donnellan wrote:
> The current list of characters to sanitise in sanitise_path() is
> incomplete, as we learned when we saw a build fail because someone had
> included < in their patch summary.
>
> Rather than maintain a list of dangerous characters which might be
> problematic, let's just attack this with a giant hammer and filter
> everything that's not alphanumeric as defined by Rust.
>
> Closes: #48 ("Normalise branch names to reduce shell injection
> vulnerabilities")
> Signed-off-by: Andrew Donnellan <andrew.donnellan at au1.ibm.com>
Sorry I let this slip. Should've been doing this from the start, I am
dumb.
Merged to master as 1da364f3d620ac8014c3c13cac2f7bf6207c783c
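
The denylist-versus-allowlist point from the quoted commit message, as an added Rust example (not snowpatch's code and not part of either message). The function names, the contents of the denylist, the '_' replacement character and the sample summaries are all assumptions made for illustration.

```rust
/// Denylist: replace only the characters someone thought to list.
/// This list is constructed for the example and is incomplete on purpose.
fn sanitise_denylist(input: &str) -> String {
    const DANGEROUS: &[char] = &['/', '\\', ':', ' ', '"', '\'', '$', '`'];
    input
        .chars()
        .map(|c| if DANGEROUS.contains(&c) { '_' } else { c })
        .collect()
}

/// Allowlist: keep only what Rust's char::is_alphanumeric accepts.
/// That predicate is Unicode-aware, so letters such as 'é' pass through.
fn sanitise_allowlist(input: &str) -> String {
    input
        .chars()
        .map(|c| if c.is_alphanumeric() { c } else { '_' })
        .collect()
}

/// Stricter variant for consumers that only cope with ASCII names.
fn sanitise_ascii(input: &str) -> String {
    input
        .chars()
        .map(|c| if c.is_ascii_alphanumeric() { c } else { '_' })
        .collect()
}

fn main() {
    // Constructed patch summaries, not taken from any real series.
    let samples = [
        "powerpc: fix <linux/foo.h> include",
        "docs: café $(id) > out",
    ];
    for s in samples.iter() {
        println!("input    : {}", s);
        println!("denylist : {}", sanitise_denylist(s));
        println!("allowlist: {}", sanitise_allowlist(s));
        println!("ascii    : {}", sanitise_ascii(s));
    }
}
```

The denylist output still carries '<', '>', '(' and ')' into the branch or path name, while both allowlist variants cannot, whatever the summary contains.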