XorA
/
bash-it
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #940 from denmat/denmat_issues_920 

issue #920 - bash interpolation vulnerability

closes #920
pull/758/merge
Nils Winkler 2017-04-21 08:31:51 +02:00 committed by GitHub
parent 438e3dadc0 01e5cee40c
commit cf46f76bdf
1 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
themes/base.theme.bash
View File

@ -123,6 +123,15 @@ function scm_prompt_info_common {
[[ ${SCM} == ${SCM_SVN} ]] && svn_prompt_info && return [[ ${SCM} == ${SCM_SVN} ]] && svn_prompt_info && return
} }
# This is added to address bash shell interpolation vulnerability described
# here: https://github.com/njhartwell/pw3nage
function git_clean_branch {
local unsafe_ref=$(command git symbolic-ref -q HEAD 2> /dev/null)
local stripped_ref=${unsafe_ref##refs/heads/}
local clean_ref=${stripped_ref//[^a-zA-Z0-9\/]/-}
echo $clean_ref
}
function git_prompt_minimal_info { function git_prompt_minimal_info {
local ref local ref
local status local status
@ -131,9 +140,9 @@ function git_prompt_minimal_info {
if [[ "$(command git config --get bash-it.hide-status)" != "1" ]]; then if [[ "$(command git config --get bash-it.hide-status)" != "1" ]]; then
# Get the branch reference # Get the branch reference
ref=$(command git symbolic-ref -q HEAD 2> /dev/null) || \ ref=$(git_clean_branch) || \
ref=$(command git rev-parse --short HEAD 2> /dev/null) || return 0 ref=$(command git rev-parse --short HEAD 2> /dev/null) || return 0
SCM_BRANCH=${SCM_THEME_BRANCH_PREFIX}${ref#refs/heads/} SCM_BRANCH=${SCM_THEME_BRANCH_PREFIX}${ref}
# Get the status # Get the status
[[ "${SCM_GIT_IGNORE_UNTRACKED}" = "true" ]] && git_status_flags+='-untracked-files=no' [[ "${SCM_GIT_IGNORE_UNTRACKED}" = "true" ]] && git_status_flags+='-untracked-files=no'
@ -207,10 +216,11 @@ function git_prompt_vars {
SCM_CHANGE=$(git rev-parse --short HEAD 2>/dev/null) SCM_CHANGE=$(git rev-parse --short HEAD 2>/dev/null)
local ref=$(git symbolic-ref -q HEAD 2> /dev/null) local ref=$(git_clean_branch)
if [[ -n "$ref" ]]; then if [[ -n "$ref" ]]; then
SCM_BRANCH=${SCM_THEME_BRANCH_PREFIX}${ref#refs/heads/} SCM_BRANCH="${SCM_THEME_BRANCH_PREFIX}${ref}"
local tracking_info="$(grep "${SCM_BRANCH}\.\.\." <<< "${status}")" local tracking_info="$(grep -- "${SCM_BRANCH}\.\.\." <<< "${status}")"
if [[ -n "${tracking_info}" ]]; then if [[ -n "${tracking_info}" ]]; then
[[ "${tracking_info}" =~ .+\[gone\]$ ]] && local branch_gone="true" [[ "${tracking_info}" =~ .+\[gone\]$ ]] && local branch_gone="true"
tracking_info=${tracking_info#\#\# ${SCM_BRANCH}...} tracking_info=${tracking_info#\#\# ${SCM_BRANCH}...}
@ -426,17 +436,17 @@ function clock_prompt {
# backwards-compatibility # backwards-compatibility
function git_prompt_info { function git_prompt_info {
git_prompt_vars git_prompt_vars
echo -e "$SCM_PREFIX$SCM_BRANCH$SCM_STATE$SCM_SUFFIX" echo -e "${SCM_PREFIX}${SCM_BRANCH}${SCM_STATE}${SCM_SUFFIX}"
} }
function svn_prompt_info { function svn_prompt_info {
svn_prompt_vars svn_prompt_vars
echo -e "$SCM_PREFIX$SCM_BRANCH$SCM_STATE$SCM_SUFFIX" echo -e "${SCM_PREFIX}${SCM_BRANCH}${SCM_STATE}${SCM_SUFFIX}"
} }
function hg_prompt_info() { function hg_prompt_info() {
hg_prompt_vars hg_prompt_vars
echo -e "$SCM_PREFIX$SCM_BRANCH:${SCM_CHANGE#*:}$SCM_STATE$SCM_SUFFIX" echo -e "${SCM_PREFIX}${SCM_BRANCH}:${SCM_CHANGE#*:}${SCM_STATE}${SCM_SUFFIX}"
} }
function scm_char { function scm_char {