filter out control characters in warning messages
Converted warning and similar to use StringContainingQuotedPath. Most warnings are static strings, some do refer to filepaths that need to be quoted, and others don't need quoting. Note that, since quote filters out control characters of even UnquotedString, this makes all warnings safe, even when an attacker sneaks in a control character in some other way. When json is being output, no quoting is done, since json gets its own quoting. This does, as a side effect, make warning messages in json output not be indented. The indentation is only needed to offset warning messages underneath the display of the file they apply to, so that's ok. Sponsored-by: Brett Eisenberg on Patreon
This commit is contained in:
Joey Hess
parent
007e302637
commit
3290a09a70
75 changed files with 259 additions and 229 deletions
|
|
@ -31,7 +31,6 @@ import Annex.RemoteTrackingBranch
|
|||
import Utility.InodeCache
|
||||
import Logs.Location
|
||||
import Git.FilePath
|
||||
import Git.Filename
|
||||
import Git.Types
|
||||
import Types.Import
|
||||
import Utility.Metered
|
||||
|
|
@ -171,7 +170,7 @@ startLocal o addunlockedmatcher largematcher mode (srcfile, destfile) =
|
|||
ignored <- checkIgnored (checkGitIgnoreOption o) destfile
|
||||
if ignored
|
||||
then do
|
||||
warning $ "not importing " ++ fromRawFilePath destfile ++ " which is .gitignored (use --no-check-gitignore to override)"
|
||||
warning $ "not importing " <> QuotedPath destfile <> " which is .gitignored (use --no-check-gitignore to override)"
|
||||
stop
|
||||
else do
|
||||
existing <- liftIO (catchMaybeIO $ R.getSymbolicLinkStatus destfile)
|
||||
|
|
@ -199,7 +198,7 @@ startLocal o addunlockedmatcher largematcher mode (srcfile, destfile) =
|
|||
Just s
|
||||
| isDirectory s -> cont
|
||||
| otherwise -> do
|
||||
warning $ "not importing " ++ fromRawFilePath destfile ++ " because " ++ fromRawFilePath destdir ++ " is not a directory"
|
||||
warning $ "not importing " <> QuotedPath destfile <> " because " <> QuotedPath destdir <> " is not a directory"
|
||||
stop
|
||||
|
||||
importfilechecked ld k = do
|
||||
|
|
@ -257,7 +256,7 @@ startLocal o addunlockedmatcher largematcher mode (srcfile, destfile) =
|
|||
, Command.Add.addSmall (DryRun False) destfile s
|
||||
)
|
||||
notoverwriting why = do
|
||||
warning $ "not overwriting existing " ++ fromRawFilePath destfile ++ " " ++ why
|
||||
warning $ "not overwriting existing " <> QuotedPath destfile <> " " <> UnquotedString why
|
||||
stop
|
||||
lockdown a = do
|
||||
let mi = MatchingFile $ FileInfo
|
||||
|
|
@ -335,7 +334,7 @@ seekRemote remote branch msubdir importcontent ci = do
|
|||
liftIO (atomically (readTVar importabletvar)) >>= \case
|
||||
Nothing -> return ()
|
||||
Just importable -> importKeys remote importtreeconfig importcontent False importable >>= \case
|
||||
Nothing -> warning $ concat
|
||||
Nothing -> warning $ UnquotedString $ concat
|
||||
[ "Failed to import some files from "
|
||||
, Remote.name remote
|
||||
, ". Re-run command to resume import."
|
||||
|
|
@ -388,5 +387,5 @@ commitRemote remote branch tb trackingcommit importtreeconfig importcommitconfig
|
|||
setRemoteTrackingBranch tb c
|
||||
return True
|
||||
Nothing -> do
|
||||
warning $ "Nothing to import and " ++ fromRef branch ++ " does not exist."
|
||||
warning $ UnquotedString $ "Nothing to import and " ++ fromRef branch ++ " does not exist."
|
||||
return False
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue