Harden gitlab-shell against arguments following the gl_id parameter in the command line

author: Nick Thomas <nick@gitlab.com> 2018-08-09 18:26:55 +0100
committer: Nick Thomas <nick@gitlab.com> 2018-08-09 18:43:36 +0100
commit: 6e907f26475f16ad7d3e02aa64138e0fe35bb6b9 (patch)
tree: 5f3ad4f3a335383f0b92300d6d6a864f97910e7a /bin
parent: c4b5a076040a6f6156c26f66cdc47610fc267db2 (diff)
download: gitlab-shell-6e907f26475f16ad7d3e02aa64138e0fe35bb6b9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/bin/gitlab-shell b/bin/gitlab-shell
index ae751d7..93a79f6 100755
--- a/bin/gitlab-shell
+++ b/bin/gitlab-shell
@@ -19,7 +19,7 @@ require File.join(ROOT_PATH, 'lib', 'gitlab_shell')
 
 # We must match e.g. "key-12345" anywhere on the command-line. See
 # https://gitlab.com/gitlab-org/gitlab-shell/issues/145
-who = /\b(?:(?:key|user)-[0-9]+|username-\S+)\b/.match(ARGV.join).to_s;
+who = /\b(?:(?:key|user)-[0-9]+|username-\S+)\b/.match(ARGV.join(' ')).to_s
 
 if GitlabShell.new(who).exec(original_cmd)
   exit 0
author	Nick Thomas <nick@gitlab.com>	2018-08-09 18:26:55 +0100
committer	Nick Thomas <nick@gitlab.com>	2018-08-09 18:43:36 +0100
commit	6e907f26475f16ad7d3e02aa64138e0fe35bb6b9 (patch)
tree	5f3ad4f3a335383f0b92300d6d6a864f97910e7a /bin
parent	c4b5a076040a6f6156c26f66cdc47610fc267db2 (diff)
download	gitlab-shell-6e907f26475f16ad7d3e02aa64138e0fe35bb6b9.tar.gz