development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-06-30 22:54:27 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'jc/safe-directory-leading-path'

Browse Source 
The safe.directory configuration knob has been updated to
optionally allow leading path matches.

* jc/safe-directory-leading-path:
  safe.directory: allow "lead/ing/path/*" match
This commit is contained in:
Junio C Hamano 2024-06-12 13:37:16 -07:00
commit b8bdb2f283
3 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Documentation/config/safe.txt
View File

@ -44,7 +44,8 @@ string `*`. This will allow all repositories to be treated as if their
directory was listed in the `safe.directory` list. If `safe.directory=*`
is set in system config and you want to re-enable this protection, then
initialize your list with an empty value before listing the repositories
that you deem safe.
that you deem safe. Giving a directory with `/*` appended to it will
allow access to all repositories under the named directory.
+
As explained, Git only allows you to access repositories owned by
yourself, i.e. the user who is running Git, by default. When Git

19
setup.c
View File

@ -1230,13 +1230,20 @@ static int safe_directory_cb(const char *key, const char *value,
} else if (!strcmp(value, "*")) {
data->is_safe = 1;
} else {
char *interpolated = NULL;
char *allowed = NULL;
if (!git_config_pathname(&interpolated, key, value) &&
!fspathcmp(data->path, interpolated ? interpolated : value))
data->is_safe = 1;
free(interpolated);
if (!git_config_pathname(&allowed, key, value)) {
const char *check = allowed ? allowed : value;
if (ends_with(check, "/*")) {
size_t len = strlen(check);
if (!fspathncmp(check, data->path, len - 1))
data->is_safe = 1;
} else if (!fspathcmp(data->path, check)) {
data->is_safe = 1;
}
}
if (allowed != value)
free(allowed);
}
return 0;

15
t/t0033-safe-directory.sh
View File

@ -71,7 +71,22 @@ test_expect_success 'safe.directory=*, but is reset' '
expect_rejected_dir
'
test_expect_success 'safe.directory with matching glob' '
git config --global --unset-all safe.directory &&
p=$(pwd) &&
git config --global safe.directory "${p%/*}/*" &&
git status
'
test_expect_success 'safe.directory with unmatching glob' '
git config --global --unset-all safe.directory &&
p=$(pwd) &&
git config --global safe.directory "${p%/*}no/*" &&
expect_rejected_dir
'
test_expect_success 'safe.directory in included file' '
git config --global --unset-all safe.directory &&
cat >gitconfig-include <<-EOF &&
[safe]
directory = "$(pwd)"