Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v14] Replace UnixShellQuote with shsprintf.EscapeDefaultContext from github.com/google/safetext #40059

Closed
wants to merge 1 commit into from
Closed

[v14] Replace UnixShellQuote with shsprintf.EscapeDefaultContext from github.com/google/safetext #40059

wants to merge 1 commit into from

Conversation

jentfoo
Copy link
Contributor

@jentfoo jentfoo commented Mar 29, 2024

v14 backport of #40046

@jentfoo
Replace UnixShellQuote with shsprintf.EscapeDefaultContext from git…
1a43750 
…hub.com/google/safetext (#40046)

This change is a change in how we are handling the untrusted input.  Instead of adopting a strategy of quoting (which was incomplete), this instead escapes any special characters.

Although github.com/google/safetext is new, and without any current tags for us to reference, I believe it would be better to reference their implementation than to update the UnixShellQuote to handle the newly identified cases.
@jentfoo jentfoo self-assigned this Mar 29, 2024
@github-actions GitHub Actions
Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@jentfoo jentfoo added the no-changelog Indicates that a PR does not require a changelog entry label Mar 29, 2024
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from zmb3 March 29, 2024 23:22
@jentfoo
Copy link
Contributor Author

jentfoo commented Apr 1, 2024

The API Build failure is also due to go 1.19 being our specified go version. Since I don't think a go bump for this change is reasonable I am just closing this PR, leaving v15 as the only backport.

@jentfoo jentfoo closed this Apr 1, 2024
@jentfoo jentfoo deleted the jent/UnixShellQuote-replacement-v14 branch April 5, 2024 17:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rosstimothy rosstimothy rosstimothy approved these changes

@marcoandredinis marcoandredinis marcoandredinis approved these changes

Assignees

@jentfoo jentfoo

Labels
backport no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jentfoo @marcoandredinis @rosstimothy