chiark / gitweb /
~ianmdlvl / fdroidserver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 32213ef) | patch
use '--' in source vcs calls to protect against malicious input
authorHans-Christoph Steiner <hans@eds.org>
Tue, 23 Jan 2018 21:42:32 +0000 (22:42 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Fri, 26 Jan 2018 09:18:41 +0000 (10:18 +0100)
commit07cdf848d71fc5cd4a3cc4ceda1ecf2b3b8c5a99
treec014c4f6f8ff928cdfd254cbb494693fb0d7a032tree | snapshot
parent32213ef040a39bab88f44d1227f13a4c07ed4faecommit | diff
use '--' in source vcs calls to protect against malicious input

This is a quick and very incomplete addition of '--' to command line calls
to source VCSs like git and hg that could manipulated by malicious
tag/branch names or other vectors.

These were all manually tested by calling the command lines on my own
machine.
fdroidserver/common.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.