mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

eliminate showStart showStartOther

Browse source 
These were not handling control characters and are redundant.

Sponsored-by: Jack Hill on Patreon
This commit is contained in:
Joey Hess 2023-04-10 16:07:54 -04:00
parent 3290a09a70
commit a0e6fa18eb
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
7 changed files with 22 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

5
doc/todo/terminal_escapes_in_filenames.mdwn
View file

@ -54,14 +54,11 @@ description of a repository. It seems that git-annex could just filter out
control characters from all of these, since they are not filenames, and
any control characters in them are surely malicious.
Also: git-annex importfeed displays urls from the feed, and should filter
out control characters. If such an url even can be parsed?
Also: git-annex initremote with autoenable may be able to cause a remote
with a malicious name to be set up?
Also: Any place that an exception is thrown with an attacker-controlled value.
`giveup` has been made to filter out control characters, but that leave
`giveup` has been made to filter out control characters, but that leaves
other exceptions, including ones thrown by libraries. Catch all exceptions
at top-level (of program and/or worker threads) and filter out control
characters?