Comments (5)
At least this case would be simply fixed by using single instead of double quotes around the author names when writing that file. That would prevent all kinds of similar problems as well.
from gitstats.
So just to clarify the above, simply was a foolish choice of word. Yes, using single quotes instead of double solves the problem, but that will fail if the author's name contains one. 'Tim O'Really' for example. It's not possible to escape that as \' either. In bash, you can do $'Tim O'\Really' (which is what I tried), but apparently you can't in the gnuplot file. I'll investigate what else might be possible when I have time.
(the other simple/obvious option would be to just remove any backtick characters from the author name, but just doing that may well leave other avenues of attack open - I was looking for a solution that ensures the name is taken as a literal string no matter what)
Indeed. I was kind of hoping some gnuplot expert would pop in and tip us on how to do this properly, but alas, we will have to do with the unoptimal blacklisting.
commit 5ba386aede189ce22f900fd9548d3135e46bd7ff
Author: Heikki Hokkanen <[email protected]>
Date: Sat Dec 21 15:04:04 2013 +0200
Remove backticks from author names passed to gnuplot.
Without this, author names containing `touch /tmp/vulnerable` would cause said
file to appear after generating statistics for the given repository.
This is not an optimal solution. Instead of blacklisting characters we should
either whitelist some, or find a safe escape mechanism for gnuplot.
Thanks for reporting the bug.
I think that solution is probably fine. I did have a good read of the documentation later, and I don't see any way of causing problems with any other characters other than the backtick.
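The two options discussed in this thread, side by side, as an added example that is not gitstats' own code: the backtick blacklist the commit applied, and the single-quote approach the reporter abandoned. The single-quote version assumes gnuplot's documented quoting rules (nothing is interpreted inside 'single quotes', and a doubled '' stands for one literal quote), which the thread itself did not confirm; the detection regex is a heuristic for scanning already-generated .plot files.

```python
import re

def blacklist_backticks(name: str) -> str:
    """The approach taken in the commit above: strip the one character known
    to trigger shell command substitution inside a double-quoted gnuplot
    string. Anything else is passed through unchanged."""
    return name.replace('`', '')

def gnuplot_single_quoted(name: str) -> str:
    """Emit the name as a single-quoted gnuplot literal.
    Assumption (from gnuplot's documentation, not from this thread): inside
    single quotes no escapes or backticks are processed, and a doubled ''
    represents one literal single quote. So backticks, backslashes and
    double quotes become inert; only the single quote needs handling."""
    return "'" + name.replace("'", "''") + "'"

def plot_line_unsafe(name: str) -> str:
    """The pre-fix pattern: author name interpolated into a double-quoted
    gnuplot string, where a backtick runs a shell command."""
    return 'set label "%s" at 1,1' % name

def plot_line_hardened(name: str) -> str:
    """Same directive with the name wrapped as a single-quoted literal."""
    return 'set label %s at 1,1' % gnuplot_single_quoted(name)

# Heuristic check for a generated .plot file: any double-quoted string that
# contains a backtick is where gnuplot would spawn a shell. It can over-flag
# when two double-quoted strings share a line, so treat hits as leads.
DOUBLE_QUOTED_WITH_BACKTICK = re.compile(r'"[^"\n]*`[^"\n]*"')

def has_backtick_in_double_quotes(script: str) -> bool:
    return DOUBLE_QUOTED_WITH_BACKTICK.search(script) is not None

if __name__ == "__main__":
    # Constructed sample names taken from the examples in this thread.
    for author in ("Tim O'Really", "`touch /tmp/vulnerable`"):
        print("unsafe:   ", plot_line_unsafe(author),
              "-> flagged" if has_backtick_in_double_quotes(
                  plot_line_unsafe(author)) else "-> clean")
        print("hardened: ", plot_line_hardened(author))
        print("blacklist:", plot_line_unsafe(blacklist_backticks(author)))
```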