From 47fb1c5235236c8e28bfdc87b013419ae1d85dc8 Mon Sep 17 00:00:00 2001 From: Evan Read Date: Mon, 18 Feb 2019 09:36:13 +0000 Subject: Remove consecutive blank lines from markdown files For the sake of consistency, removes any extraneous consecutive blank lines from the doc suite. --- doc/development/shell_commands.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'doc/development/shell_commands.md') diff --git a/doc/development/shell_commands.md b/doc/development/shell_commands.md index 73893f9dd46..7bdf676be58 100644 --- a/doc/development/shell_commands.md +++ b/doc/development/shell_commands.md @@ -190,7 +190,7 @@ A check like this could have avoided CVE-2013-4583. ## Properly anchor regular expressions to the start and end of strings -When using regular expressions to validate user input that is passed as an argument to a shell command, make sure to use the `\A` and `\z` anchors that designate the start and end of the string, rather than `^` and `$`, or no anchors at all. +When using regular expressions to validate user input that is passed as an argument to a shell command, make sure to use the `\A` and `\z` anchors that designate the start and end of the string, rather than `^` and `$`, or no anchors at all. If you don't, an attacker could use this to execute commands with potentially harmful effect. @@ -198,7 +198,7 @@ For example, when a project's `import_url` is validated like below, the user cou ```ruby validates :import_url, format: { with: URI.regexp(%w(ssh git http https)) } -# URI.regexp(%w(ssh git http https)) roughly evaluates to /(ssh|git|http|https):(something_that_looks_like_a_url)/ +# URI.regexp(%w(ssh git http https)) roughly evaluates to /(ssh|git|http|https):(something_that_looks_like_a_url)/ ``` Suppose the user submits the following as their import URL: 
@@ -211,7 +211,6 @@ Since there are no anchors in the used regular expression, the `git:/tmp/lol` in When importing, GitLab would execute the following command, passing the `import_url` as an argument: - ```sh git clone file://git:/tmp/lol ``` -- cgit v1.2.3
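Review bot: In the `@@ -190,7 +190,7 @@` hunk (and again at `@@ -198,7 +198,7 @@`), the removed and added lines read identically, so the change appears to be whitespace-only within a line, which the commit subject "Remove consecutive blank lines" does not cover. Either mention the in-line whitespace cleanup in the commit message or split it into its own commit, so that a later `git blame` on the `\A`/`\z` guidance and on the `URI.regexp` comment points to a message that describes the change.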
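Review bot: In the `@@ -211,7 +211,6 @@` hunk, the deleted blank line sits directly above the opening `sh` code fence, so confirm that exactly one blank line still separates the "When importing, GitLab would execute the following command" paragraph from the fence after this change. Not every Markdown renderer treats a fence that directly follows a paragraph line as a code block, and the `git clone file://git:/tmp/lol` example is the point of this section, so it is worth checking the rendered page rather than relying on the diff alone.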