1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2024-12-20 19:31:58 +00:00
ohmyzsh/themes/refined.zsh-theme
Marc Cornellà b3ba9978cc
fix(themes): fix potential command injection in pygmalion, pygmalion-virtualenv and refined
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.
2021-11-11 22:45:40 +01:00

108 lines
3.3 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env zsh
# ------------------------------------------------------------------------------
#
# Pure - A minimal and beautiful theme for oh-my-zsh
#
# Based on the custom Zsh-prompt of the same name by Sindre Sorhus. A huge
# thanks goes out to him for designing the fantastic Pure prompt in the first
# place! I'd also like to thank Julien Nicoulaud for his "nicoulaj" theme from
# which I've borrowed both some ideas and some actual code. You can find out
# more about both of these fantastic two people here:
#
# Sindre Sorhus
# Github: https://github.com/sindresorhus
# Twitter: https://twitter.com/sindresorhus
#
# Julien Nicoulaud
# Github: https://github.com/nicoulaj
# Twitter: https://twitter.com/nicoulaj
#
# ------------------------------------------------------------------------------
# Set required options
#
setopt prompt_subst
# Load required modules
#
autoload -Uz vcs_info
# Set vcs_info parameters
#
zstyle ':vcs_info:*' enable hg bzr git
zstyle ':vcs_info:*:*' unstagedstr '!'
zstyle ':vcs_info:*:*' stagedstr '+'
zstyle ':vcs_info:*:*' formats "$FX[bold]%r$FX[no-bold]/%S" "%s:%b" "%%u%c"
zstyle ':vcs_info:*:*' actionformats "$FX[bold]%r$FX[no-bold]/%S" "%s:%b" "%u%c (%a)"
zstyle ':vcs_info:*:*' nvcsformats "%~" "" ""
# Fastest possible way to check if repo is dirty
#
git_dirty() {
# Check if we're in a git repo
command git rev-parse --is-inside-work-tree &>/dev/null || return
# Check if it's dirty
command git diff --quiet --ignore-submodules HEAD &>/dev/null; [ $? -eq 1 ] && echo "*"
}
# Display information about the current repository
#
repo_information() {
echo "%F{blue}${vcs_info_msg_0_%%/.} %F{8}$vcs_info_msg_1_`git_dirty` $vcs_info_msg_2_%f"
}
# Displays the exec time of the last command if set threshold was exceeded
#
cmd_exec_time() {
local stop=`date +%s`
local start=${cmd_timestamp:-$stop}
let local elapsed=$stop-$start
[ $elapsed -gt 5 ] && echo ${elapsed}s
}
# Get the initial timestamp for cmd_exec_time
#
preexec() {
cmd_timestamp=`date +%s`
}
# Output additional information about paths, repos and exec time
#
precmd() {
setopt localoptions nopromptsubst
vcs_info # Get version control info before we start outputting stuff
print -P "\n$(repo_information) %F{yellow}$(cmd_exec_time)%f"
unset cmd_timestamp #Reset cmd exec time.
}
# Define prompts
#
PROMPT="%(?.%F{magenta}.%F{red})%f " # Display a red prompt char on failure
RPROMPT="%F{8}${SSH_TTY:+%n@%m}%f" # Display username if connected via SSH
# ------------------------------------------------------------------------------
#
# List of vcs_info format strings:
#
# %b => current branch
# %a => current action (rebase/merge)
# %s => current version control system
# %r => name of the root directory of the repository
# %S => current path relative to the repository root directory
# %m => in case of Git, show information about stashes
# %u => show unstaged changes in the repository
# %c => show staged changes in the repository
#
# List of prompt format strings:
#
# prompt:
# %F => color dict
# %f => reset color
# %~ => current path
# %* => time
# %n => username
# %m => shortname host
# %(?..) => prompt conditional - %(condition.true.false)
#
# ------------------------------------------------------------------------------