diff options
| author | Anders Kaseorg <andersk@MIT.EDU> | 2013-09-27 06:23:55 -0400 |
|---|---|---|
| committer | Jonathan Nieder <jrnieder@gmail.com> | 2013-09-27 16:06:44 -0700 |
| commit | 1c4fb136dbad762c9c4350ee79c3474ae8037587 (patch) | |
| tree | b5a4b7d74ad1076b9ed858f8a1478adc9bb1f2cd | |
| parent | 02a110ad435a6ccda648f09f94e546dfd7bdd0ac (diff) | |
| download | git-ak/submodule-foreach-quoting.tar.gz | |
submodule foreach: skip eval for more than one argumentak/submodule-foreach-quoting
'eval "$@"' creates an extra layer of shell interpretation, which is
probably not expected by a user who passes multiple arguments to git
submodule foreach:
$ git grep "'"
[searches for single quotes]
$ git submodule foreach git grep "'"
Entering '[submodule]'
/usr/lib/git-core/git-submodule: 1: eval: Syntax error: Unterminated quoted string
Stopping at '[submodule]'; script returned non-zero status.
To fix this, if the user passes more than one argument, execute "$@"
directly instead of passing it to eval.
Examples:
* Typical usage when adding an extra level of quoting is to pass a
single argument representing the entire command to be passed to the
shell. This doesn't change that.
* One can imagine someone feeding untrusted input as an argument:
git submodule foreach git grep "$variable"
That currently results in a nonobvious shell code injection
vulnerability. Executing the command named by the arguments
directly, as in this patch, fixes it.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Acked-by: Johan Herland <johan@herland.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
| -rwxr-xr-x | git-submodule.sh | 7 | ||||
| -rwxr-xr-x | t/t7407-submodule-foreach.sh | 9 |
2 files changed, 15 insertions, 1 deletions
diff --git a/git-submodule.sh b/git-submodule.sh index 2979197087..7b2a83d70f 100755 --- a/git-submodule.sh +++ b/git-submodule.sh @@ -545,7 +545,12 @@ cmd_foreach() sm_path=$(relative_path "$sm_path") && # we make $path available to scripts ... path=$sm_path && - eval "$@" && + if test $# -eq 1 + then + eval "$1" + else + "$@" + fi && if test -n "$recursive" then cmd_foreach "--recursive" "$@" diff --git a/t/t7407-submodule-foreach.sh b/t/t7407-submodule-foreach.sh index be93f10cf0..6b2fd39aaa 100755 --- a/t/t7407-submodule-foreach.sh +++ b/t/t7407-submodule-foreach.sh @@ -329,4 +329,13 @@ test_expect_success 'command passed to foreach --recursive retains notion of std test_cmp expected actual ' +test_expect_success 'multi-argument command passed to foreach is not shell-evaluated twice' ' + ( + cd super && + git submodule foreach "echo \\\"quoted\\\"" > ../expected && + git submodule foreach echo \"quoted\" > ../actual + ) && + test_cmp expected actual +' + test_done |