File fish3-CVE-2022-20001.patch of Package fish3.17437

Overview Repositories Revisions Requests Users Attributes Meta

File fish3-CVE-2022-20001.patch of Package fish3.17437

From ac9218b4bd882b8d889b618a6c690ff0e67fab0b Mon Sep 17 00:00:00 2001
From: ridiculousfish <rf@fishshell.com>
Date: Sun, 26 Dec 2021 17:25:20 -0800
Subject: [PATCH] fish_git_prompt: be careful about git config

fish_git_prompt may run certain git commands which may invoke certain
external programs as specified `.git/config`. Prevent this by suppressing
certain git config options.
---
 share/functions/fish_git_prompt.fish |  8 ++++----
 tests/checks/git.fish                | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)

Index: fish-3.3.1/share/functions/fish_git_prompt.fish
===================================================================
--- fish-3.3.1.orig/share/functions/fish_git_prompt.fish	2021-07-06 16:45:37.000000000 +0200
+++ fish-3.3.1/share/functions/fish_git_prompt.fish	2022-03-16 08:01:36.483925007 +0100
@@ -339,18 +339,18 @@ function __fish_git_prompt_staged --desc
     # The "diff" functions all return > 0 if there _is_ a diff,
     # but we want to return 0 if there are staged changes.
     # So we invert the status.
-    not command git diff-index --cached --quiet HEAD -- 2>/dev/null
+    not command git -c core.fsmonitor= diff-index --cached --quiet HEAD -- 2>/dev/null
     and echo 1
 end
 
 function __fish_git_prompt_untracked --description "fish_git_prompt helper, tells whether or not the current repository has untracked files"
-    command git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1
+    command git -c core.fsmonitor= ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1
     and echo 1
 end
 
 function __fish_git_prompt_dirty --description "fish_git_prompt helper, tells whether or not the current branch has tracked, modified files"
     # Like staged, invert the status because we want 0 to mean there are dirty files.
-    not command git diff --no-ext-diff --quiet --exit-code 2>/dev/null
+    not command git -c core.fsmonitor= diff --no-ext-diff --quiet --exit-code 2>/dev/null
     and echo 1
 end
 
@@ -366,7 +366,7 @@ function __fish_git_prompt_informative_s
     # It's quite a bit faster and unlikely anyone cares about the number of files if it's *all* of the files
     # in that directory.
     # The v2 format is better, but we don't actually care in this case.
-    set -l stats (string sub -l 2 (git status --porcelain -z -unormal | string split0))
+    set -l stats (string sub -l 2 (git -c core.fsmonitor= status --porcelain -z -unormal | string split0))
     set -l invalidstate (string match -r '^UU' $stats | count)
     set -l stagedstate (string match -r '^[ACDMR].' $stats | count)
     set -l dirtystate (string match -r '^.[ACDMR]' $stats | count)
Index: fish-3.3.1/tests/checks/git.fish
===================================================================
--- fish-3.3.1.orig/tests/checks/git.fish	2021-07-06 16:45:37.000000000 +0200
+++ fish-3.3.1/tests/checks/git.fish	2022-03-16 08:01:36.487925030 +0100
@@ -73,3 +73,18 @@ set -g __fish_git_prompt_status_order un
 fish_git_prompt
 echo
 #CHECK: (newbranch %)
+
+# Turn on everything and verify we correctly ignore sus config files.
+set -g __fish_git_prompt_status_order stagedstate invalidstate dirtystate untrackedfiles stashstate
+set -g __fish_git_prompt_showdirtystate 1
+set -g __fish_git_prompt_show_informative_status 1
+set -g __fish_git_prompt_showuntrackedfiles 1
+rm -Rf .git *
+git init >/dev/null 2>&1
+echo -n > ran.txt
+git config core.fsmonitor 'echo fsmonitor >> ran.txt; false'
+git config core.sshCommand 'echo sshCommand >> ran.txt; false'
+git config diff.external 'echo diff >> ran.txt; false'
+touch untracked_file
+fish_git_prompt > /dev/null
+cat ran.txt # should output nothing

Places

File fish3-CVE-2022-20001.patch of Package fish3.17437

Places