Skip to content

Ssh exec 2 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Ssh exec 2 #6

wants to merge 7 commits into from

Conversation

@ethomson
Copy link
Owner

@ethomson ethomson commented Oct 30, 2025

No description provided.

@ethomson
str: add case insensitive suffixcmp
8478938
@ethomson
str: allow escaping with prefix and suffix
cfa3d73 
Allow `git_str_puts_escaped` to take an escaping prefix and an escaping
suffix; this allows for more options, including the ability to better
support escaping executed paths.
@ethomson
ssh_exec: escape remote paths properly
b221d98 
When sending paths to the remote server, escape them properly.
Escape them with a single quote, followed by the escaped character,
followed by another single quote. This prevents misparsing on the
remote side and potential command injection.
@ethomson
fs: improved executable-in-path location tests
d04cac6 
Ensure that our `find_executable` behaves as expected:

* When the executable contains a fully- or partially-qualified filename
  component (eg, `foo/bar`) that `PATH` is not searched; these paths are
  relative to the current working directory.
* An empty segment in `PATH` (on POSIX systems) is treated as the
  current directory; this is for compatibility with Bourne shells.
* When a file exists in `PATH`, it is actually executable (on POSIX)
@ethomson
fs: improve path-in-executable location
01e59da 
* Do not search `PATH` for fully- or partially-qualified filenames
  (eg, `foo/bar`)
* Ensure that a file in the `PATH` is executable before returning it
@ethomson
fs: improve executable search on Windows
567c198 
Ensure that when we look for an executable on Windows that we add
executable suffixes (`.exe`, `.cmd`). Without this, we would not support
looking for (eg) `ssh`, since we actually need to identify a file named
`ssh.exe` (or `ssh.cmd`) in `PATH`.
@ethomson
ssh_exec: don't use sh for ssh execution
6fd3d34 
Construct the arguments for the ssh exec as an explicit array, instead
of trying to create a command-line for sh. The latter may use user input
(the remote path) so this may be vulnerable to command injection.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ethomson