Created
July 14, 2017 08:17
-
-
Save wendorf/9fe605f4e1eecae22588dc81b896678c to your computer and use it in GitHub Desktop.
Display actual branch name and avoid interpolation vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/themes/base.theme.bash b/themes/base.theme.bash | |
| index 4dd9d0e..15f70fe 100644 | |
| --- a/themes/base.theme.bash | |
| +++ b/themes/base.theme.bash | |
| @@ -127,13 +127,9 @@ function scm_prompt_info_common { | |
| [[ ${SCM} == ${SCM_SVN} ]] && svn_prompt_info && return | |
| } | |
| -# This is added to address bash shell interpolation vulnerability described | |
| -# here: https://github.com/njhartwell/pw3nage | |
| -function git_clean_branch { | |
| +function git_branch { | |
| local unsafe_ref=$(command git symbolic-ref -q HEAD 2> /dev/null) | |
| - local stripped_ref=${unsafe_ref##refs/heads/} | |
| - local clean_ref=${stripped_ref//[^a-zA-Z0-9\/]/-} | |
| - echo $clean_ref | |
| + echo ${unsafe_ref##refs/heads/} | |
| } | |
| function git_prompt_minimal_info { | |
| @@ -144,8 +140,12 @@ function git_prompt_minimal_info { | |
| if [[ "$(command git config --get bash-it.hide-status)" != "1" ]]; then | |
| # Get the branch reference | |
| - ref=$(git_clean_branch) || \ | |
| - ref=$(command git rev-parse --short HEAD 2> /dev/null) || return 0 | |
| + if [[ -n "$(git_branch)" ]]; then | |
| + ref="\$(git_branch)" | |
| + else | |
| + $(command git rev-parse --short HEAD 2> /dev/null) || return 0 | |
| + ref="\$(command git rev-parse --short HEAD 2> /dev/null)" | |
| + fi | |
| SCM_BRANCH=${SCM_THEME_BRANCH_PREFIX}${ref} | |
| # Get the status | |
| @@ -220,20 +220,20 @@ function git_prompt_vars { | |
| SCM_CHANGE=$(git rev-parse --short HEAD 2>/dev/null) | |
| - local ref=$(git_clean_branch) | |
| + local ref=$(git_branch) | |
| if [[ -n "$ref" ]]; then | |
| - SCM_BRANCH="${SCM_THEME_BRANCH_PREFIX}${ref}" | |
| - local tracking_info="$(grep -- "${SCM_BRANCH}\.\.\." <<< "${status}")" | |
| + SCM_BRANCH="${SCM_THEME_BRANCH_PREFIX}\$(git_branch)" | |
| + local tracking_info="$(grep -- "${ref}\.\.\." <<< "${status}")" | |
| if [[ -n "${tracking_info}" ]]; then | |
| [[ "${tracking_info}" =~ .+\[gone\]$ ]] && local branch_gone="true" | |
| - tracking_info=${tracking_info#\#\# ${SCM_BRANCH}...} | |
| + tracking_info=${tracking_info#\#\# ${ref}...} | |
| tracking_info=${tracking_info% [*} | |
| local remote_name=${tracking_info%%/*} | |
| local remote_branch=${tracking_info#${remote_name}/} | |
| local remote_info="" | |
| local num_remotes=$(git remote | wc -l 2> /dev/null) | |
| - [[ "${SCM_BRANCH}" = "${remote_branch}" ]] && local same_branch_name=true | |
| + [[ "${ref}" = "${remote_branch}" ]] && local same_branch_name=true | |
| if ([[ "${SCM_GIT_SHOW_REMOTE_INFO}" = "auto" ]] && [[ "${num_remotes}" -ge 2 ]]) || | |
| [[ "${SCM_GIT_SHOW_REMOTE_INFO}" = "true" ]]; then | |
| remote_info="${remote_name}" | |
| @@ -253,15 +253,18 @@ function git_prompt_vars { | |
| else | |
| local detached_prefix="" | |
| ref=$(git describe --tags --exact-match 2> /dev/null) | |
| + local display_ref="" | |
| if [[ -n "$ref" ]]; then | |
| detached_prefix=${SCM_THEME_TAG_PREFIX} | |
| + display_ref="\$(git describe --tags --exact-match 2> /dev/null)" | |
| else | |
| ref=$(git describe --contains --all HEAD 2> /dev/null) | |
| ref=${ref#remotes/} | |
| - [[ -z "$ref" ]] && ref=${SCM_CHANGE} | |
| + display_ref="\$(git describe --contains --all HEAD 2> /dev/null)" | |
| + [[ -z "$ref" ]] && display_ref=${SCM_CHANGE} | |
| detached_prefix=${SCM_THEME_DETACHED_PREFIX} | |
| fi | |
| - SCM_BRANCH=${detached_prefix}${ref} | |
| + SCM_BRANCH="${detached_prefix}$display_ref" | |
| SCM_GIT_DETACHED="true" | |
| fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment