New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape filename passed into ctags #1730

Open

victorhuangwq opened this issue Jan 29, 2023 · 1 comment

Labels

Priority: Medium Type: Bug

Contributor

victorhuangwq commented Jan 29, 2023

No description provided.

victorhuangwq changed the title ~~Escpae filename passed into ctags~~ Escape filename passed into ctags

damianhxy added Priority: Low Type: Bug labels

Member

damianhxy commented May 31, 2023 •

edited

Loading

We ought to sanitize the handin file path in general (perhaps by taking inspiration from github_integration.rb's ALLOWED CHARS)

Possible exploit vectors include user email and handin filename

damianhxy added Priority: Medium and removed Priority: Low labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment