diff options
| -rw-r--r-- | lib/gitlab_shell.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 1ce3b60..8ee50c8 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -17,6 +17,9 @@ class GitlabShell @repos_path = @config.repos_path end + # The origin_cmd variable contains UNTRUSTED input. If the user ran + # ssh git@gitlab.example.com 'evil command', then origin_cmd contains + # 'evil command'. def exec(origin_cmd) unless origin_cmd puts "Welcome to GitLab, #{username}!" |