path: root/t/
diff options
authorAnders Kaseorg <andersk@MIT.EDU>2013-09-27 10:23:55 (GMT)
committerJonathan Nieder <>2013-09-27 23:06:44 (GMT)
commit1c4fb136dbad762c9c4350ee79c3474ae8037587 (patch)
treeb5a4b7d74ad1076b9ed858f8a1478adc9bb1f2cd /t/
parent02a110ad435a6ccda648f09f94e546dfd7bdd0ac (diff)
submodule foreach: skip eval for more than one argument
'eval "$@"' creates an extra layer of shell interpretation, which is probably not expected by a user who passes multiple arguments to git submodule foreach: $ git grep "'" [searches for single quotes] $ git submodule foreach git grep "'" Entering '[submodule]' /usr/lib/git-core/git-submodule: 1: eval: Syntax error: Unterminated quoted string Stopping at '[submodule]'; script returned non-zero status. To fix this, if the user passes more than one argument, execute "$@" directly instead of passing it to eval. Examples: * Typical usage when adding an extra level of quoting is to pass a single argument representing the entire command to be passed to the shell. This doesn't change that. * One can imagine someone feeding untrusted input as an argument: git submodule foreach git grep "$variable" That currently results in a nonobvious shell code injection vulnerability. Executing the command named by the arguments directly, as in this patch, fixes it. Signed-off-by: Anders Kaseorg <> Acked-by: Johan Herland <> Signed-off-by: Jonathan Nieder <>
Diffstat (limited to 't/')
1 files changed, 9 insertions, 0 deletions
diff --git a/t/ b/t/
index be93f10..6b2fd39 100755
--- a/t/
+++ b/t/
@@ -329,4 +329,13 @@ test_expect_success 'command passed to foreach --recursive retains notion of std
test_cmp expected actual
+test_expect_success 'multi-argument command passed to foreach is not shell-evaluated twice' '
+ (
+ cd super &&
+ git submodule foreach "echo \\\"quoted\\\"" > ../expected &&
+ git submodule foreach echo \"quoted\" > ../actual
+ ) &&
+ test_cmp expected actual