diff options
| author | Tomasz Maczukin <tomasz@maczukin.pl> | 2015-11-04 23:45:27 +0100 |
|---|---|---|
| committer | Tomasz Maczukin <tomasz@maczukin.pl> | 2015-11-04 23:45:27 +0100 |
| commit | 3a52662ce3cb797a49f992d60bd976f03fbf1bb1 (patch) | |
| tree | 1993526294f1fd52124aaa4790e1136fb8f9c036 /doc/development/shell_commands.md | |
| parent | 89ecba5e6cec6632c2f8e3baef6604b1b8ea0d45 (diff) | |
| parent | 95da91a66de5820a44989aa708338c24177cd10c (diff) | |
| download | gitlab-ce-3a52662ce3cb797a49f992d60bd976f03fbf1bb1.tar.gz | |
Merge branch 'master' into fix/visibility-level-setting-in-forked-projects
* master: (23 commits)
Use single spaces
Improvements to profile page UI
Replace all usages of `git` command with configurable binary path
Update Shell Commands doc for configurable git binary path
Minor reformatting for Facebook integration doc
Use proper labels for OAuth providers
Add Facebook authentication
Bump stamp to ~> 0.6.0
Add extra padding between user description and links on profile page
Fix tests
Fix clipboard button overflow
Apply new design for user profile page
Improve profile page UI
Better name for up-level links
Fixed User sorting specs
Only sort by IDs by default
Added benchmark for User.all
Add changelog entry for contacted_at
Spread out runner contacted_at updates
Only redirect to homepage url when its not the root url
...
Diffstat (limited to 'doc/development/shell_commands.md')
| -rw-r--r-- | doc/development/shell_commands.md | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/doc/development/shell_commands.md b/doc/development/shell_commands.md index 2d1d0fb4154..65cdd74bdb6 100644 --- a/doc/development/shell_commands.md +++ b/doc/development/shell_commands.md @@ -35,6 +35,16 @@ Gitlab::Popen.popen(%W(find /some/path -not -path /some/path -mmin +120 -delete) This coding style could have prevented CVE-2013-4490. +## Always use the configurable git binary path for git commands + +```ruby +# Wrong +system(*%W(git branch -d -- #{branch_name})) + +# Correct +system(*%W(#{Gitlab.config.git.bin_path} branch -d -- #{branch_name})) +``` + ## Bypass the shell by splitting commands into separate tokens When we pass shell commands as a single string to Ruby, Ruby will let `/bin/sh` evaluate the entire string. Essentially, we are asking the shell to evaluate a one-line script. This creates a risk for shell injection attacks. It is better to split the shell command into tokens ourselves. Sometimes we use the scripting capabilities of the shell to change the working directory or set environment variables. All of this can also be achieved securely straight from Ruby @@ -81,9 +91,9 @@ In the GitLab codebase, we avoid the option/argument ambiguity by _always_ using ```ruby # Wrong -system(*%W(git branch -d #{branch_name})) +system(*%W(#{Gitlab.config.git.bin_path} branch -d #{branch_name})) # Correct -system(*%W(git branch -d -- #{branch_name})) +system(*%W(#{Gitlab.config.git.bin_path} branch -d -- #{branch_name})) ``` This coding style could have prevented CVE-2013-4582. @@ -94,9 +104,9 @@ Capturing the output of shell commands with backticks reads nicely, but you are ```ruby # Wrong -logs = `cd #{repo_dir} && git log` +logs = `cd #{repo_dir} && #{Gitlab.config.git.bin_path} log` # Correct -logs, exit_status = Gitlab::Popen.popen(%W(git log), repo_dir) +logs, exit_status = Gitlab::Popen.popen(%W(#{Gitlab.config.git.bin_path} log), repo_dir) # Wrong user = `whoami` @@ -108,7 +118,7 @@ In other repositories, such as gitlab-shell you can also use `IO.popen`. ```ruby # Safe IO.popen example -logs = IO.popen(%W(git log), chdir: repo_dir) { |p| p.read } +logs = IO.popen(%W(#{Gitlab.config.git.bin_path} log), chdir: repo_dir) { |p| p.read } ``` Note that unlike `Gitlab::Popen.popen`, `IO.popen` does not capture standard error. |