diff options
| author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-11-26 17:33:08 +0100 |
|---|---|---|
| committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-11-26 17:33:08 +0100 |
| commit | 9d12fa78d8eb10235dbd287478a3c861dc5a7a25 (patch) | |
| tree | 35a85bc72e814ac0f54a80b345d46fcd3bf42ea8 | |
| parent | ca66ab5191510aac5c71f3ab7ad3172d1cf3b67a (diff) | |
| download | gitlab-shell-stricter-exec_cmd.tar.gz | |
Add comment about untrusted origin_cmdstricter-exec_cmd
| -rw-r--r-- | lib/gitlab_shell.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 1ce3b60..8ee50c8 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -17,6 +17,9 @@ class GitlabShell @repos_path = @config.repos_path end + # The origin_cmd variable contains UNTRUSTED input. If the user ran + # ssh git@gitlab.example.com 'evil command', then origin_cmd contains + # 'evil command'. def exec(origin_cmd) unless origin_cmd puts "Welcome to GitLab, #{username}!" |