filter out control characters in error messages
giveup changed to filter out control characters. (It is too low level to make it use StringContainingQuotedPath.) error still does not, but it should only be used for internal errors, where the message is not attacker-controlled. Changed a lot of existing error to giveup when it is not strictly an internal error. Of course, other exceptions can still be thrown, either by code in git-annex, or a library, that include some attacker-controlled value. This does not guard against those. Sponsored-by: Noam Kremen on Patreon
This commit is contained in:
parent
063c00e4f7
commit
cd544e548b
69 changed files with 142 additions and 103 deletions
|
@ -120,7 +120,7 @@ catObjectDetails h object = query (catFileProcess h) object newlinefallback $ \f
|
|||
content <- readObjectContent from r
|
||||
return $ Just (content, sha, objtype)
|
||||
Just DNE -> return Nothing
|
||||
Nothing -> error $ "unknown response from git cat-file " ++ show (header, object)
|
||||
Nothing -> giveup $ "unknown response from git cat-file " ++ show (header, object)
|
||||
where
|
||||
-- Slow fallback path for filenames containing newlines.
|
||||
newlinefallback = queryObjectType object (catFileGitRepo h) >>= \case
|
||||
|
@ -144,7 +144,7 @@ readObjectContent h (ParsedResp _ _ size) = do
|
|||
eatchar expected = do
|
||||
c <- hGetChar h
|
||||
when (c /= expected) $
|
||||
error $ "missing " ++ (show expected) ++ " from git cat-file"
|
||||
giveup $ "missing " ++ (show expected) ++ " from git cat-file"
|
||||
readObjectContent _ DNE = error "internal"
|
||||
|
||||
{- Gets the size and type of an object, without reading its content. -}
|
||||
|
|
|
@ -54,7 +54,7 @@ checkAttrs (h, attrs, currdir) want file = do
|
|||
getvals l (x:xs) = case map snd $ filter (\(attr, _) -> attr == x) l of
|
||||
["unspecified"] -> "" : getvals l xs
|
||||
[v] -> v : getvals l xs
|
||||
_ -> error $ "unable to determine " ++ x ++ " attribute of " ++ fromRawFilePath file
|
||||
_ -> giveup $ "unable to determine " ++ x ++ " attribute of " ++ fromRawFilePath file
|
||||
|
||||
send to = B.hPutStr to $ file' `B.snoc` 0
|
||||
receive c from = do
|
||||
|
|
|
@ -86,7 +86,7 @@ fromAbsPath :: RawFilePath -> IO Repo
|
|||
fromAbsPath dir
|
||||
| absoluteGitPath dir = fromPath dir
|
||||
| otherwise =
|
||||
error $ "internal error, " ++ show dir ++ " is not absolute"
|
||||
giveup $ "internal error, " ++ show dir ++ " is not absolute"
|
||||
|
||||
{- Construct a Repo for a remote's url.
|
||||
-
|
||||
|
|
|
@ -113,8 +113,8 @@ parseDiffRaw l = go l
|
|||
go [] = []
|
||||
go (info:f:rest) = case A.parse (parserDiffRaw (L.toStrict f)) info of
|
||||
A.Done _ r -> r : go rest
|
||||
A.Fail _ _ err -> error $ "diff-tree parse error: " ++ err
|
||||
go (s:[]) = error $ "diff-tree parse error near \"" ++ decodeBL s ++ "\""
|
||||
A.Fail _ _ err -> giveup $ "diff-tree parse error: " ++ err
|
||||
go (s:[]) = giveup $ "diff-tree parse error near \"" ++ decodeBL s ++ "\""
|
||||
|
||||
-- :<srcmode> SP <dstmode> SP <srcsha> SP <dstsha> SP <status>
|
||||
--
|
||||
|
|
|
@ -31,6 +31,7 @@ import Text.Printf
|
|||
|
||||
import Utility.PartialPrelude
|
||||
import Utility.FileSystemEncoding
|
||||
import Utility.Exception
|
||||
|
||||
{- This is a variable length binary string, but its size is limited to
|
||||
- maxPktLineLength. Its serialization includes a 4 byte hexadecimal
|
||||
|
@ -96,7 +97,7 @@ encodePktLine b
|
|||
stringPktLine :: String -> PktLine
|
||||
stringPktLine s
|
||||
| length s > maxPktLineLength =
|
||||
error "textPktLine called with too-long value"
|
||||
giveup "textPktLine called with too-long value"
|
||||
| otherwise = PktLine (encodeBS s <> "\n")
|
||||
|
||||
{- Sends a PktLine to a Handle, and flushes it so that it will be
|
||||
|
|
|
@ -20,7 +20,7 @@ import Data.Char
|
|||
getSha :: String -> IO S.ByteString -> IO Sha
|
||||
getSha subcommand a = maybe bad return =<< extractSha <$> a
|
||||
where
|
||||
bad = error $ "failed to read sha from git " ++ subcommand
|
||||
bad = giveup $ "failed to read sha from git " ++ subcommand
|
||||
|
||||
{- Extracts the Sha from a ByteString.
|
||||
-
|
||||
|
|
|
@ -62,7 +62,7 @@ data TreeContent
|
|||
getTree :: LsTree.LsTreeRecursive -> Ref -> Repo -> IO Tree
|
||||
getTree recursive r repo = do
|
||||
(l, cleanup) <- lsTreeWithObjects recursive r repo
|
||||
let !t = either (\e -> error ("ls-tree parse error:" ++ e)) id
|
||||
let !t = either (\e -> giveup ("ls-tree parse error:" ++ e)) id
|
||||
(extractTree l)
|
||||
void cleanup
|
||||
return t
|
||||
|
@ -254,7 +254,7 @@ adjustTree adjusttreeitem addtreeitems resolveaddconflict removefiles r repo =
|
|||
Just (TreeItem f m s) ->
|
||||
let commit = TreeCommit f m s
|
||||
in go h wasmodified (commit:c) depth intree is
|
||||
_ -> error ("unexpected object type \"" ++ decodeBS (LsTree.typeobj i) ++ "\"")
|
||||
_ -> giveup ("unexpected object type \"" ++ decodeBS (LsTree.typeobj i) ++ "\"")
|
||||
| otherwise = return (c, wasmodified, i:is)
|
||||
|
||||
adjustlist h depth ishere underhere l = do
|
||||
|
|
|
@ -78,7 +78,7 @@ doMerge hashhandle ch differ repo streamer = do
|
|||
go [] = noop
|
||||
go (info:file:rest) = mergeFile info file hashhandle ch >>=
|
||||
maybe (go rest) (\l -> streamer l >> go rest)
|
||||
go (_:[]) = error $ "parse error " ++ show differ
|
||||
go (_:[]) = giveup $ "parse error " ++ show differ
|
||||
|
||||
{- Given an info line from a git raw diff, and the filename, generates
|
||||
- a line suitable for update-index that union merges the two sides of the
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue