git-prompt.sh: don't put unsanitized branch names in $PS1

Both bash and zsh subject the value of PS1 to parameter expansion,
command substitution, and arithmetic expansion.  Rather than include
the raw, unescaped branch name in PS1 when running in two- or
three-argument mode, construct PS1 to reference a variable that holds
the branch name.  Because the shells do not recursively expand, this
avoids arbitrary code execution by specially-crafted branch names such
as '$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)'.

Signed-off-by: Richard Hansen <rhansen@bbn.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2 files changed
tree: b7dc68f4d791a2b9210e8fe0b43abf80117d43b9