grep: avoid shell code evaluation #749
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
mknos
commented
Sep 30, 2024
mknos
commented
- When running grep -g or -u, the default code uses Term::Cap but this fails over to executing external tput command
- tput would be available on Linux/BSD but is not a consideration for Windows
- Feed the TERM environment variable to tput command in single quotes to prevent shell commands from being initiated though TERM
- To verify this I had to temporarily bypass the Term::Cap code on my Linux system
- No other instances of backticks, system() or exec() calls within grep
* When running grep -g or -u, the default code uses Term::Cap but this fails over to executing external tput command * tput would be available on Linux/BSD but is not a consideration for Windows * Feed the TERM environment variable to tput command in single quotes to prevent shell commands from being initiated though TERM * To verify this I had to temporarily bypass the Term::Cap code on my Linux system * No other instances of backticks, system() or exec() calls within grep %TERM='linux;halt -p;' perl grep -g include a.c # with patch applied tput fails but system doesn't halt tput: unknown terminal "linux;halt -p;" tput: unknown terminal "linux;halt -p;" #include <stdio.h> #include <stdlib.h>
github-actions
bot
added
Type: enhancement
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
Pull Request Test Coverage Report for Build 11125842795Details
💛 - Coveralls |
briandfoy
requested changes
Sep 30, 2024
briandfoy
added
the
Status: changes requested
* Previous commit was half baked because invalid user input could still creep into shell * Switch backticks over to system LIST, which does not execute tput via a shell * Code for redirecting and restoring STDOUT was lifted out of bin/awk
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
mknos
temporarily deployed
to
automated_testing
GitHub Actions
Inactive
briandfoy
approved these changes
Oct 5, 2024
briandfoy
added
Status: accepted
|
changes: be more careful with handling the TERM env var |
briandfoy
added
Status: released
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.