
Commit

adding check to params passed to git clone command
CaseyHaralson committed Feb 17, 2024
1 parent 859050e commit 5467905
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/utils/clone.ts
Expand Up @@ -25,6 +25,14 @@ export default async function clone(
await removePreviousClone(path)

return new Promise<string>((resolve, reject) => {
// https://codeql.github.com/codeql-query-help/javascript/js-second-order-command-line-injection/
if (info.href.includes('upload-pack') || path.includes('upload-pack'))
reject(
new GitlyCloneError(
'The phrase "upload-pack" is not allowed in the URL or path'
)
)

const child = spawn('git', ['clone', info.href, path])

Check failure

Code scanning / CodeQL

Second order command injection High

Command line argument that depends on library input can execute an arbitrary command if --upload-pack is used with git.

child.on('close', (code) => {
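Review bot: the `reject(...)` in the new `upload-pack` check does not stop execution, so `spawn('git', ['clone', info.href, path])` still runs with the very values that were just rejected, and the promise's later `resolve`/`reject` calls become no-ops; put `return` in front of `reject(` (or guard the spawn with an `else`). The check is also a substring denylist on a single literal, and a denylist on one spelling is fragile, which is consistent with the CodeQL annotation still sitting on the spawn line after this change: rather than searching for the option name, stop git from treating either value as an option at all with `spawn('git', ['clone', '--', info.href, path])`, and additionally reject any `info.href` or `path` that starts with `-` so neither can be parsed as a flag in any form. A short comment explaining why `--` is there would help the next reader, since it is easy to remove as seemingly redundant.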

0 comments on commit 5467905
