Securing Developer Tools: Git Integrations

Author: Thomas Chauchefoin (Vulnerability Researcher, Sonar)
Published: March 15, 2022
Source: https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/

Summary

Sonar’s research team showed how a malicious Git repository can achieve arbitrary code execution simply by being opened in a developer tool or navigated to in a terminal. The trick abuses Git’s per-repository .git/config and its core.fsmonitor directive, which Git runs as …
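
A defender-side check for the directive named in the summary, as an added example that is not from the Sonar article: it reads .git/config as plain text, without running Git inside the untrusted repository, and reports any core.fsmonitor entry whose value is a command rather than a boolean. The function names and the sample config are constructed for illustration.

```python
import re
from pathlib import Path

# Values Git parses as booleans; any other core.fsmonitor value names a command.
BOOL_VALUES = {"", "true", "false", "yes", "no", "on", "off", "1", "0"}
# Matches "[section]" or '[section "subsection"]', keeping any text after the header.
SECTION = re.compile(r'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]\s*(.*)$')


def find_fsmonitor_commands(config_text):
    """Return (line_number, value) for each core.fsmonitor entry that names a command."""
    hits, section = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # Section names are case-insensitive; a subsection is not plain [core].
            section = m.group(1).lower() if m.group(2) is None else None
            line = m.group(3).strip()  # Git accepts "key = value" after the header
        if section != "core" or not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if key.strip().lower() != "fsmonitor":
            continue
        value = value.strip().strip('"')
        if sep and value.lower() not in BOOL_VALUES:
            hits.append((lineno, value))
    return hits


def audit_repo(repo_dir):
    """Inspect <repo_dir>/.git/config as text; never invokes git in the repository."""
    cfg = Path(repo_dir) / ".git" / "config"
    if not cfg.is_file():
        return []
    return find_fsmonitor_commands(cfg.read_text(errors="replace"))


# Constructed sample config (not taken from the article).
SAMPLE = (
    "[core]\n"
    "\trepositoryformatversion = 0\n"
    "\tfsmonitor = ./not-a-real-monitor.sh\n"
    '[remote "origin"]\n'
    "\turl = https://example.invalid/repo.git\n"
)

if __name__ == "__main__":
    for lineno, value in find_fsmonitor_commands(SAMPLE):
        print(f".git/config line {lineno}: core.fsmonitor would run {value!r}")
```

The check covers only the repository's own .git/config and does not follow include directives, so a hit is a reason to stop and inspect, and a clean result is not proof that the repository is safe to open.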