weixin_39618824
2020-12-04 11:45

Validation checks in git repository module

As the old saying goes, "I don't expect this pull request to get merged, but..."

In relation to the "todo" item in lib/repositories/git.js, this commit will try to filter some shell operators from being concatenated to the git shell commands that the server executed, blocking a malicious client from potentially executing commands on the server (e.g. "&echo>1 https://github.com/user/repo.git") or traversing its directories (e.g. "https://github.com/user/...git").

Cheers!

This question comes from the open-source project: nodejitsu/haibu
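
An added example, not code from the pull request or from haibu: one way to apply the checks described above in Node.js, validating the repository URL against an allowlist and then invoking git through an argument array so that no shell parses the URL. The names rejectReason, cloneArgs and clone, the allowed schemes and the character allowlist are assumptions.

```javascript
// Added example. Contrast with a hypothetical exec('git clone ' + repoUrl),
// where the shell would interpret operators such as & and > inside repoUrl.
// ALLOWED_SCHEMES and SAFE_URL are assumptions chosen for this sketch.
const ALLOWED_SCHEMES = new Set(['https:', 'http:', 'git:']);
const SAFE_URL = /^[a-z]+:\/\/[A-Za-z0-9.-]+(:\d{1,5})?(\/[A-Za-z0-9._~-]+)+$/;

// Returns null when the URL is acceptable, otherwise the reason it was refused.
function rejectReason(repoUrl) {
  if (typeof repoUrl !== 'string' || repoUrl.length === 0 || repoUrl.length > 2048) {
    return 'not a string of sensible length';
  }
  // Allowlist, not a blocklist of operators: spaces, quotes, &, |, ;, >, $,
  // backticks and newlines are all absent from the permitted character set.
  if (!SAFE_URL.test(repoUrl)) return 'characters outside the allowlist';
  // Checked on the raw string, because the URL parser silently collapses
  // "/../" segments. Conservative: also refuses names that contain "..".
  if (repoUrl.includes('..')) return 'contains ".."';
  let parsed;
  try {
    parsed = new URL(repoUrl);
  } catch (err) {
    return 'unparseable URL';
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return 'scheme not allowed';
  return null;
}

// Builds the argument array for execFile; throws on a refused URL.
function cloneArgs(repoUrl, destDir) {
  const reason = rejectReason(repoUrl);
  if (reason) throw new Error(`refusing repository URL: ${reason}`);
  // "--" ends option parsing, so the URL can never be read as a git flag.
  return ['clone', '--', repoUrl, destDir];
}

// Runs git directly (no /bin/sh), so the URL is passed as a single argument.
function clone(repoUrl, destDir, callback) {
  const { execFile } = require('child_process'); // loaded only when cloning
  execFile('git', cloneArgs(repoUrl, destDir), { timeout: 60000 }, callback);
}
```

Both sample inputs quoted in the post are refused: the first by the character allowlist, the second by the ".." check.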
