scripts/safe-commit.sh

#!/usr/bin/env bash
# ═══════════════════════════════════════════════════════════════
# safe-commit.sh — Commit with message from file (prevents shell injection)
#
# Issue #1430: Backticks in commit messages can trigger shell
# substitution during git hook processing. Using -F <file> instead
# of -m prevents this.
#
# Usage:
#   ./scripts/safe-commit.sh "my commit message"
#   ./scripts/safe-commit.sh -F message.txt
#   echo "message" | ./scripts/safe-commit.sh --stdin
# ═══════════════════════════════════════════════════════════════
set -euo pipefail

TMPFILE=$(mktemp /tmp/commit-msg-XXXXXX)
trap "rm -f $TMPFILE" EXIT

if [ "${1:-}" = "-F" ] && [ -n "${2:-}" ]; then
    # Use provided file
    cp "$2" "$TMPFILE"
elif [ "${1:-}" = "--stdin" ]; then
    # Read from stdin
    cat > "$TMPFILE"
elif [ -n "${1:-}" ]; then
    # Write argument to temp file (no shell expansion)
    printf '%s' "$1" > "$TMPFILE"
else
    echo "Usage: $0 <message> | $0 -F <file> | $0 --stdin"
    echo ""
    echo "Always uses git commit -F to prevent shell injection."
    exit 1
fi

# Stage all changes
git add -A

# Commit using file (no shell expansion of message content)
git commit -F "$TMPFILE"

echo "✓ Committed safely (no shell expansion)"
fix(#1430): Prevent shell injection from commit messages Backticks in git commit -m messages can trigger shell expansion during hook processing. This adds: - .githooks/pre-commit: warns when commit message contains backticks (reads COMMIT_EDITMSG, warns but does not block) - scripts/safe-commit.sh: safe commit wrapper using -F <file> instead of -m (prevents all shell expansion) - docs/SAFE_COMMIT_PATTERNS.md: documents safe patterns and what NOT to do The repo hooks (pre-commit, stale-pr-closer) are already clean. This is preventive hardening + documentation. Fixes #1430 2026-04-17 01:28:44 -04:00			`#!/usr/bin/env bash`
			`# ═══════════════════════════════════════════════════════════════`
			`# safe-commit.sh — Commit with message from file (prevents shell injection)`
			`#`
			`# Issue #1430: Backticks in commit messages can trigger shell`
			`# substitution during git hook processing. Using -F <file> instead`
			`# of -m prevents this.`
			`#`
			`# Usage:`
			`# ./scripts/safe-commit.sh "my commit message"`
			`# ./scripts/safe-commit.sh -F message.txt`
			`# echo "message" \| ./scripts/safe-commit.sh --stdin`
			`# ═══════════════════════════════════════════════════════════════`
			`set -euo pipefail`

			`TMPFILE=$(mktemp /tmp/commit-msg-XXXXXX)`
			`trap "rm -f $TMPFILE" EXIT`

			`if [ "${1:-}" = "-F" ] && [ -n "${2:-}" ]; then`
			`# Use provided file`
			`cp "$2" "$TMPFILE"`
			`elif [ "${1:-}" = "--stdin" ]; then`
			`# Read from stdin`
			`cat > "$TMPFILE"`
			`elif [ -n "${1:-}" ]; then`
			`# Write argument to temp file (no shell expansion)`
			`printf '%s' "$1" > "$TMPFILE"`
			`else`
			`echo "Usage: $0 <message> \| $0 -F <file> \| $0 --stdin"`
			`echo ""`
			`echo "Always uses git commit -F to prevent shell injection."`
			`exit 1`
			`fi`

			`# Stage all changes`
			`git add -A`

			`# Commit using file (no shell expansion of message content)`
			`git commit -F "$TMPFILE"`

			`echo "✓ Committed safely (no shell expansion)"`