Merged via rebase, thanks @noctrex. The PowerShell Select-String swap is well-scoped — #ifdef _WIN32 keeps the POSIX path untouched, the tab-vs-colon delimiter switch is the right move (Windows paths legitimately contain : after the drive letter), and pivoting to cbm_tmpdir() for the pattern temp file is a solid cleanup that drops the hardcoded /tmp/. The forward-slash filelist + binary-mode write closes the xargs-backslash-as-escape gotcha cleanly. Issue #196 should be resolved.
One follow-up landed on main directly (eca433b): cbm_validate_shell_arg now also blocks ", <, >. The PR's PowerShell command is wrapped at the cmd.exe level (powershell -Command "..."), so a " in file_pattern could close that outer quote even when the inner PowerShell single quotes hold; with < > unblocked, that opened a cmd.exe redirection primitive. Existing blocking of ' ; | & $ and the backtick already prevents RCE, so this is hardening rather than a fix for an exploitable RCE in this PR — but worth tightening since the new code path made the validator load-bearing in a new shell context. Three tests added in tests/test_security.c.
Nice contribution.
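To make the layered-quoting point above concrete, here is an added example (not the project's cbm_validate_shell_arg and not code from this PR) of a validator that rejects the metacharacter set the thread describes, with the follow-up additions " < > included; the function name and the control-character check are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the project's validator. The blocked set mirrors
 * the thread: the original ' ; | & $ ` plus the follow-up additions " < >.
 * An argument embedded in `powershell -Command "..."` passes through two
 * quoting layers: a " can terminate the outer cmd.exe quote even when the
 * inner PowerShell single quotes are intact, and once outside that quote
 * < and > become cmd.exe redirections. So all three are rejected up front. */
static const char BLOCKED_SHELL_CHARS[] = "';|&$`\"<>";

/* Returns the index of the first rejected byte, or -1 if the argument is
 * acceptable. Empty arguments are reported at index 0. */
int first_blocked_index(const char *arg)
{
    if (arg == NULL || *arg == '\0')
        return 0;
    for (size_t i = 0; arg[i] != '\0'; i++) {
        unsigned char c = (unsigned char)arg[i];
        /* Control bytes (newline, CR, tab, ESC) are rejected as an assumption
         * of this example: they can split or confuse a command line too. */
        if (c < 0x20 || c == 0x7f)
            return (int)i;
        if (strchr(BLOCKED_SHELL_CHARS, (int)c) != NULL)
            return (int)i;
    }
    return -1;
}

/* Convenience wrapper: true when the argument may be embedded in a command. */
bool validate_shell_arg(const char *arg)
{
    return first_blocked_index(arg) == -1;
}
```

The blocklist is only what the thread names; a deployment that really routes through cmd.exe would also want to review % and ^, which cmd.exe treats specially.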
Replace grep with PowerShell Select-String on Windows for the search_code and search_graph tools, enabling cross-platform functionality.

- Select-String to avoid conflicts with colons in Windows drive-letter paths (e.g. C:\dir\file).
- collect_grep_matches to parse delimiter as tab on Windows and colon on POSIX.
- "wb") and use forward slashes on Windows to prevent xargs from interpreting backslashes as escape sequences.
- cbm_tmpdir() for pattern temp files instead of hardcoded /tmp/.
- getpid as _getpid on Windows for consistent API.

Fixes #196