bash: unescaped `>` character when switching branches

public inbox for git@vger.kernel.org
 help / color / mirror / Atom feed

* bash: unescaped `>` character when switching branches
@ 2025-06-24 12:59 Ondrej Pohorelsky
  2025-06-25  8:53 ` Kristoffer Haugsbakk
  0 siblings, 1 reply; 5+ messages in thread
From: Ondrej Pohorelsky @ 2025-06-24 12:59 UTC (permalink / raw)
  To: git

Hi,

Our customer has found a possible issue when switching branches.
Output redirection character `>` is not escaped properly when
switching/checking out to different branch.

Steps to reproduce:
1. Create a new branch and switch back to master
```
$ git switch -C 'issue#1234>/tmp/dangerfile'
Switched to a new branch 'issue#1234>/tmp/dangerfile'
$ git switch master
```

2. Try to switch to the created branch with using auto-completion
```
git switch i<TAB>
$ git switch issue#1234>/tmp/dangerfile
fatal: invalid reference: issue#1234
```
3. Verify that the /tmp/dangerfile has been created
```
$ ls /tmp/dangerfile
/tmp/dangerfile
```

Internal interpretation of the created branch:
└── refs
    ├── heads
    │   ├── issue#1234>
    │   │   └── tmp
    │   │       └── dangerfile

Tested on Fedora 42 with git-2.49.

I've found out that this behavior happens only when using Bash. Zsh
properly escapes the characters when creating and switching to the
branch. Git shouldn't be tricked into creating a file when the user is
switching branches. I'm not entirely sure where the issue lies in the
code, so I'm not attaching any patch fixing this.

-- 
Ondřej Pohořelský

Software Engineer

Red Hat

opohorel@redhat.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: bash: unescaped `>` character when switching branches
  2025-06-24 12:59 bash: unescaped `>` character when switching branches Ondrej Pohorelsky
@ 2025-06-25  8:53 ` Kristoffer Haugsbakk
  2025-06-25 13:57   ` Phillip Wood
  2025-06-25 16:38   ` Junio C Hamano
  0 siblings, 2 replies; 5+ messages in thread
From: Kristoffer Haugsbakk @ 2025-06-25  8:53 UTC (permalink / raw)
  To: Ondřej Pohořelský, git

On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:
> Hi,
>
> Our customer has found a possible issue when switching branches.
> Output redirection character `>` is not escaped properly when
> switching/checking out to different branch.
>
> Steps to reproduce:
> 1. Create a new branch and switch back to master
> ```
> $ git switch -C 'issue#1234>/tmp/dangerfile'
> Switched to a new branch 'issue#1234>/tmp/dangerfile'
> $ git switch master
> ```

It’s too bad that git-check-ref-format(1) does not disallow `>`.

It would be nice to have an opt-in extension to the ref format check
which disallows `>`.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: bash: unescaped `>` character when switching branches
  2025-06-25  8:53 ` Kristoffer Haugsbakk
@ 2025-06-25 13:57   ` Phillip Wood
  2025-06-25 20:19     ` Kristoffer Haugsbakk
  2025-06-25 16:38   ` Junio C Hamano
  1 sibling, 1 reply; 5+ messages in thread
From: Phillip Wood @ 2025-06-25 13:57 UTC (permalink / raw)
  To: Kristoffer Haugsbakk, Ondřej Pohořelský, git

On 25/06/2025 09:53, Kristoffer Haugsbakk wrote:
> On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:
>> Hi,
>>
>> Our customer has found a possible issue when switching branches.
>> Output redirection character `>` is not escaped properly when
>> switching/checking out to different branch.
>>
>> Steps to reproduce:
>> 1. Create a new branch and switch back to master
>> ```
>> $ git switch -C 'issue#1234>/tmp/dangerfile'
>> Switched to a new branch 'issue#1234>/tmp/dangerfile'
>> $ git switch master
>> ```
> 
> It’s too bad that git-check-ref-format(1) does not disallow `>`.

It also allows `<`, `$`, `&`, `;`, `(`, `)`, `#`, `"`, `'`, '`' and `|`. 
Our ref format is not designed for them to be used unquoted in the 
shell. I think the problem here is with our completion script not 
quoting the refname, not the format.

Best Wishes

Phillip
> It would be nice to have an opt-in extension to the ref format check
> which disallows `>`.
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: bash: unescaped `>` character when switching branches
  2025-06-25  8:53 ` Kristoffer Haugsbakk
  2025-06-25 13:57   ` Phillip Wood
@ 2025-06-25 16:38   ` Junio C Hamano
  1 sibling, 0 replies; 5+ messages in thread
From: Junio C Hamano @ 2025-06-25 16:38 UTC (permalink / raw)
  To: Kristoffer Haugsbakk; +Cc: Ondřej Pohořelský, git

"Kristoffer Haugsbakk" <kristofferhaugsbakk@fastmail.com> writes:

> On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:
>> Hi,
>>
>> Our customer has found a possible issue when switching branches.
>> Output redirection character `>` is not escaped properly when
>> switching/checking out to different branch.
>>
>> Steps to reproduce:
>> 1. Create a new branch and switch back to master
>> ```
>> $ git switch -C 'issue#1234>/tmp/dangerfile'
>> Switched to a new branch 'issue#1234>/tmp/dangerfile'
>> $ git switch master
>> ```
>
> It’s too bad that git-check-ref-format(1) does not disallow `>`.

Is it?  It looks like an outright bug in the completion code,
nothing more, to me.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: bash: unescaped `>` character when switching branches
  2025-06-25 13:57   ` Phillip Wood
@ 2025-06-25 20:19     ` Kristoffer Haugsbakk
  0 siblings, 0 replies; 5+ messages in thread
From: Kristoffer Haugsbakk @ 2025-06-25 20:19 UTC (permalink / raw)
  To: Phillip Wood, Ondřej Pohořelský, git; +Cc: Junio C Hamano

On Wed, Jun 25, 2025, at 15:57, Phillip Wood wrote:
> On 25/06/2025 09:53, Kristoffer Haugsbakk wrote:
>> On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:
>>> Hi,
>>>
>>> Our customer has found a possible issue when switching branches.
>>> Output redirection character `>` is not escaped properly when
>>> switching/checking out to different branch.
>>>
>>> Steps to reproduce:
>>> 1. Create a new branch and switch back to master
>>> ```
>>> $ git switch -C 'issue#1234>/tmp/dangerfile'
>>> Switched to a new branch 'issue#1234>/tmp/dangerfile'
>>> $ git switch master
>>> ```
>> 
>> It’s too bad that git-check-ref-format(1) does not disallow `>`.
>
> It also allows `<`, `$`, `&`, `;`, `(`, `)`, `#`, `"`, `'`, '`' and `|`. 
> Our ref format is not designed for them to be used unquoted in the 
> shell. I think the problem here is with our completion script not 
> quoting the refname, not the format.

On Wed, Jun 25, 2025, at 18:38, Junio C Hamano wrote:
> "Kristoffer Haugsbakk" <kristofferhaugsbakk@fastmail.com> writes:
>
>> On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:
>>> Hi,
>>>
>>> Our customer has found a possible issue when switching branches.
>>> Output redirection character `>` is not escaped properly when
>>> switching/checking out to different branch.
>>>
>>> Steps to reproduce:
>>> 1. Create a new branch and switch back to master
>>> ```
>>> $ git switch -C 'issue#1234>/tmp/dangerfile'
>>> Switched to a new branch 'issue#1234>/tmp/dangerfile'
>>> $ git switch master
>>> ```
>>
>> It’s too bad that git-check-ref-format(1) does not disallow `>`.
>
> Is it?  It looks like an outright bug in the completion code,
> nothing more, to me.

That was an aside.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-06-25 20:19 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-24 12:59 bash: unescaped `>` character when switching branches Ondrej Pohorelsky
2025-06-25  8:53 ` Kristoffer Haugsbakk
2025-06-25 13:57   ` Phillip Wood
2025-06-25 20:19     ` Kristoffer Haugsbakk
2025-06-25 16:38   ` Junio C Hamano

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox