Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid spawning a shell when spawning subprocess for git #278

Merged
merged 2 commits into from
Feb 4, 2024
Merged

Avoid spawning a shell when spawning subprocess for git #278

merged 2 commits into from
Feb 4, 2024

Conversation

lieryan
Copy link
Contributor

@lieryan lieryan commented Jan 11, 2024
edited

This avoids security shenanigans that can come if your git-commit-id may come from potentially untrusted source (e.g. a build/linter service's API), an attacker could trick the build system to run lint commands like:

./manage.py lintmigrations --git-commit-id '; rm -rf dangerous'

or perhaps a malicious project may set a config like and told you to run lintmigrations:

[tool.django_migration_linter]
git_commit_id = "; rm -rf dangerous"

@lieryan lieryan changed the title Avoid using shell when spawning subprocess for git Avoid spawning a shell when spawning subprocess for git Jan 11, 2024
@codecov-commenter
Copy link

codecov-commenter commented Feb 4, 2024
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (fff081f) 96.47% compared to head (0ccacaa) 96.47%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #278   +/-   ##
=======================================
  Coverage   96.47%   96.47%           
=======================================
  Files          66       66           
  Lines        1191     1191           
=======================================
  Hits         1149     1149           
  Misses         42       42

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

lieryan and others added 2 commits February 4, 2024 19:50
@lieryan @David-Wobrock
Avoid using shell when spawning subprocess for git
9d25c69 
This avoids security shenanigans that can come if your `git-commit-id`
may come from potentially untrusted source (e.g. an API), an attacker
could trick you to run shell commands like:

    ./manage.py lintmigrations --git-commit-id '; rm -rf dangerous'

or a malicious project may set a config like:

    [tool.django_migration_linter]
    git_commit_id = "; rm -rf dangerous"
@David-Wobrock
Add changelog entry.
0ccacaa
@David-Wobrock David-Wobrock self-assigned this Feb 4, 2024
@David-Wobrock
Copy link
Collaborator

Nice, thank you very much @lieryan 🙏

@David-Wobrock David-Wobrock merged commit 6dad9c0 into 3YOURMIND:main Feb 4, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@David-Wobrock David-Wobrock

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lieryan @codecov-commenter @David-Wobrock