* bash: unescaped `>` character when switching branches
@ 2025-06-24 12:59 Ondrej Pohorelsky
2025-06-25 8:53 ` Kristoffer Haugsbakk
0 siblings, 1 reply; 5+ messages in thread
From: Ondrej Pohorelsky @ 2025-06-24 12:59 UTC (permalink / raw)
To: git
Hi,
Our customer has found a possible issue when switching branches.
Output redirection character `>` is not escaped properly when
switching/checking out to different branch.
Steps to reproduce:
1. Create a new branch and switch back to master
```
$ git switch -C 'issue#1234>/tmp/dangerfile'
Switched to a new branch 'issue#1234>/tmp/dangerfile'
$ git switch master
```
2. Try to switch to the created branch with using auto-completion
```
git switch i<TAB>
$ git switch issue#1234>/tmp/dangerfile
fatal: invalid reference: issue#1234
```
3. Verify that the /tmp/dangerfile has been created
```
$ ls /tmp/dangerfile
/tmp/dangerfile
```
Internal interpretation of the created branch:
└── refs
├── heads
│ ├── issue#1234>
│ │ └── tmp
│ │ └── dangerfile
Tested on Fedora 42 with git-2.49.
I've found out that this behavior happens only when using Bash. Zsh
properly escapes the characters when creating and switching to the
branch. Git shouldn't be tricked into creating a file when the user is
switching branches. I'm not entirely sure where the issue lies in the
code, so I'm not attaching any patch fixing this.
--
Ondřej Pohořelský
Software Engineer
Red Hat
opohorel@redhat.com
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: bash: unescaped `>` character when switching branches 2025-06-24 12:59 bash: unescaped `>` character when switching branches Ondrej Pohorelsky @ 2025-06-25 8:53 ` Kristoffer Haugsbakk 2025-06-25 13:57 ` Phillip Wood 2025-06-25 16:38 ` Junio C Hamano 0 siblings, 2 replies; 5+ messages in thread From: Kristoffer Haugsbakk @ 2025-06-25 8:53 UTC (permalink / raw) To: Ondřej Pohořelský, git On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote: > Hi, > > Our customer has found a possible issue when switching branches. > Output redirection character `>` is not escaped properly when > switching/checking out to different branch. > > Steps to reproduce: > 1. Create a new branch and switch back to master > ``` > $ git switch -C 'issue#1234>/tmp/dangerfile' > Switched to a new branch 'issue#1234>/tmp/dangerfile' > $ git switch master > ``` It’s too bad that git-check-ref-format(1) does not disallow `>`. It would be nice to have an opt-in extension to the ref format check which disallows `>`. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bash: unescaped `>` character when switching branches 2025-06-25 8:53 ` Kristoffer Haugsbakk @ 2025-06-25 13:57 ` Phillip Wood 2025-06-25 20:19 ` Kristoffer Haugsbakk 2025-06-25 16:38 ` Junio C Hamano 1 sibling, 1 reply; 5+ messages in thread From: Phillip Wood @ 2025-06-25 13:57 UTC (permalink / raw) To: Kristoffer Haugsbakk, Ondřej Pohořelský, git On 25/06/2025 09:53, Kristoffer Haugsbakk wrote: > On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote: >> Hi, >> >> Our customer has found a possible issue when switching branches. >> Output redirection character `>` is not escaped properly when >> switching/checking out to different branch. >> >> Steps to reproduce: >> 1. Create a new branch and switch back to master >> ``` >> $ git switch -C 'issue#1234>/tmp/dangerfile' >> Switched to a new branch 'issue#1234>/tmp/dangerfile' >> $ git switch master >> ``` > > It’s too bad that git-check-ref-format(1) does not disallow `>`. It also allows `<`, `$`, `&`, `;`, `(`, `)`, `#`, `"`, `'`, '`' and `|`. Our ref format is not designed for them to be used unquoted in the shell. I think the problem here is with our completion script not quoting the refname, not the format. Best Wishes Phillip > It would be nice to have an opt-in extension to the ref format check > which disallows `>`. > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bash: unescaped `>` character when switching branches 2025-06-25 13:57 ` Phillip Wood @ 2025-06-25 20:19 ` Kristoffer Haugsbakk 0 siblings, 0 replies; 5+ messages in thread From: Kristoffer Haugsbakk @ 2025-06-25 20:19 UTC (permalink / raw) To: Phillip Wood, Ondřej Pohořelský, git; +Cc: Junio C Hamano On Wed, Jun 25, 2025, at 15:57, Phillip Wood wrote: > On 25/06/2025 09:53, Kristoffer Haugsbakk wrote: >> On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote: >>> Hi, >>> >>> Our customer has found a possible issue when switching branches. >>> Output redirection character `>` is not escaped properly when >>> switching/checking out to different branch. >>> >>> Steps to reproduce: >>> 1. Create a new branch and switch back to master >>> ``` >>> $ git switch -C 'issue#1234>/tmp/dangerfile' >>> Switched to a new branch 'issue#1234>/tmp/dangerfile' >>> $ git switch master >>> ``` >> >> It’s too bad that git-check-ref-format(1) does not disallow `>`. > > It also allows `<`, `$`, `&`, `;`, `(`, `)`, `#`, `"`, `'`, '`' and `|`. > Our ref format is not designed for them to be used unquoted in the > shell. I think the problem here is with our completion script not > quoting the refname, not the format. On Wed, Jun 25, 2025, at 18:38, Junio C Hamano wrote: > "Kristoffer Haugsbakk" <kristofferhaugsbakk@fastmail.com> writes: > >> On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote: >>> Hi, >>> >>> Our customer has found a possible issue when switching branches. >>> Output redirection character `>` is not escaped properly when >>> switching/checking out to different branch. >>> >>> Steps to reproduce: >>> 1. Create a new branch and switch back to master >>> ``` >>> $ git switch -C 'issue#1234>/tmp/dangerfile' >>> Switched to a new branch 'issue#1234>/tmp/dangerfile' >>> $ git switch master >>> ``` >> >> It’s too bad that git-check-ref-format(1) does not disallow `>`. > > Is it? It looks like an outright bug in the completion code, > nothing more, to me. That was an aside. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bash: unescaped `>` character when switching branches 2025-06-25 8:53 ` Kristoffer Haugsbakk 2025-06-25 13:57 ` Phillip Wood @ 2025-06-25 16:38 ` Junio C Hamano 1 sibling, 0 replies; 5+ messages in thread From: Junio C Hamano @ 2025-06-25 16:38 UTC (permalink / raw) To: Kristoffer Haugsbakk; +Cc: Ondřej Pohořelský, git "Kristoffer Haugsbakk" <kristofferhaugsbakk@fastmail.com> writes: > On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote: >> Hi, >> >> Our customer has found a possible issue when switching branches. >> Output redirection character `>` is not escaped properly when >> switching/checking out to different branch. >> >> Steps to reproduce: >> 1. Create a new branch and switch back to master >> ``` >> $ git switch -C 'issue#1234>/tmp/dangerfile' >> Switched to a new branch 'issue#1234>/tmp/dangerfile' >> $ git switch master >> ``` > > It’s too bad that git-check-ref-format(1) does not disallow `>`. Is it? It looks like an outright bug in the completion code, nothing more, to me. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-06-25 20:19 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-06-24 12:59 bash: unescaped `>` character when switching branches Ondrej Pohorelsky 2025-06-25 8:53 ` Kristoffer Haugsbakk 2025-06-25 13:57 ` Phillip Wood 2025-06-25 20:19 ` Kristoffer Haugsbakk 2025-06-25 16:38 ` Junio C Hamano
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox