From ec0776c0a17ed4cc779fabd8273aee33f252d62f Mon Sep 17 00:00:00 2001 From: Matthias Lucas Jaros Date: Mon, 27 Oct 2025 14:00:37 +0100 Subject: Adjusted some comments and found a bug with realpath that is not defined at the moment of usage --- src/git-run | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/git-run b/src/git-run index bdee05c..0390e58 100755 --- a/src/git-run +++ b/src/git-run @@ -8,9 +8,10 @@ set -l repoDir # redirect stdout/stderr to file, no information to potential attacker begin + set -l currentUser (whoami) + # check given git command # basic form is '' - set -l currentUser (whoami) set -l matcher (string match -r -g $_GIT_VALIDATION_REGEX -- "$argv") if test (count $matcher) -ne 2 echo "$(date -Is): DENY bad_format user=$currentUser ip=$SSH_CONNECTION argv=$argv" @@ -35,7 +36,7 @@ begin set permission [w] case '*' # this should not happend because we sanitize above the git command - echo "$(date -Is): DENY unkown_git_command user=$currentUser ip=$SSH_CONNECTION realPath=$realPath argv=$argv" + echo "$(date -Is): DENY unkown_git_command user=$currentUser ip=$SSH_CONNECTION gitCommand=$gitCommand argv=$argv" exit 2 end -- cgit v1.3.1