diff --git a/Logs/Proxy.hs b/Logs/Proxy.hs index 7a289ff0a9..06e7f268fd 100644 --- a/Logs/Proxy.hs +++ b/Logs/Proxy.hs @@ -18,6 +18,7 @@ import qualified Data.Map as M import qualified Annex import Annex.Common import qualified Annex.Branch +import qualified Git.Remote import Git.Types import Logs import Logs.UUIDBased @@ -37,7 +38,7 @@ data Proxy = Proxy -- TODO caching getProxies :: Annex (M.Map UUID (S.Set Proxy)) -getProxies = M.map value . fromMapLog . parseProxyLog +getProxies = M.map (validateProxies . value) . fromMapLog . parseProxyLog <$> Annex.Branch.get proxyLog recordProxies :: S.Set Proxy -> Annex () @@ -76,3 +77,11 @@ parseProxyList = S.fromList <$> many parseword <* (const () <$> A8.char colon) <*> (decodeBS <$> A8.takeWhile1 (/= ' ')) colon = ':' + +-- Filter out any proxies that have a name that is not allowed as a git +-- remote name. This avoids any security problems with eg escape +-- characters in names, and ensures the name can be used anywhere a usual +-- git remote name can be used without causing issues. +validateProxies :: S.Set Proxy -> S.Set Proxy +validateProxies = S.filter $ \p -> + Git.Remote.makeLegalName (proxyRemoteName p) == proxyRemoteName p diff --git a/doc/todo/git-annex_proxies.mdwn b/doc/todo/git-annex_proxies.mdwn index ddac3b9cad..d00d9b1651 100644 --- a/doc/todo/git-annex_proxies.mdwn +++ b/doc/todo/git-annex_proxies.mdwn 
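Review bot: In the `getProxies` hunk the filter is applied in this one reader rather than in the parser, so any other consumer of `parseProxyLog` still receives whatever names the git-annex branch holds. No such consumer is visible in this diff (the body of `recordProxies` is outside the hunk), so this is a hedge rather than a confirmed gap; doing the check inside `parseProxyList` would make the guarantee hold wherever the log is parsed. Note also that `M.map` keeps a UUID whose set is emptied by the filter, so callers should not treat key presence as meaning the repository has a usable proxy; `M.filter (not . S.null)` after the map would drop those entries if that is preferred.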
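Review bot: `validateProxies` discards a rejected proxy entry silently, so a git-annex branch carrying a malformed or hostile name leaves no trace for whoever operates the repository. Since the comment itself names escape characters as the concern, a diagnostic on rejection would help, provided the rejected name is not written to the terminal raw. The check is also exactly as strict as `Git.Remote.makeLegalName`, whose body is not part of this diff; the comment could record that dependency, e.g. `-- Relies on makeLegalName returning its input unchanged only for legal names.`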
@@ -37,12 +37,6 @@ For June's work on [[design/passthrough_proxy]], implementation plan: 1. getProxies should be cached to avoid repeatedly reading the log and parsing. -1. Remote names coming from the git-annex branch need to be - limited to what's legal in git remote names. If a remote name is not - legal, munge it until it is. - This will also prevent remote names being a security hazard - via eg escape characters. - 2. Remote instantiation for proxies. When a remote "foo" is a proxy, and has a remote "bar", instantiate a remote "foo-bar" that has the UUID of bar but is of the same type and configuration of remote "foo".