Commit graph

43267 commits

Author SHA1 Message Date
Joey Hess
fdd1f177b0
response 2023-04-17 13:39:34 -04:00
Joey Hess
2aba119161
already fixed 2023-04-17 13:35:23 -04:00
Joey Hess
f250379975
response 2023-04-17 13:32:50 -04:00
DavidD
c80994c86b Added a comment 2023-04-17 15:27:49 +00:00
yarikoptic
d1fbc8744f Added a comment 2023-04-17 13:01:03 +00:00
dud225@35a1ee469f82f3a7eb1f2dce4ad453f5e47bdfd3
11a498568d Added a comment: Groups comprised of archive drives of various size 2023-04-17 10:12:58 +00:00
nobodyinperson
0393245935 Added a comment: Too old? 2023-04-17 01:43:36 +00:00
adpce
9f8c5a0606 git annex forget bug 2023-04-16 19:58:22 +00:00
nobodyinperson
5780eaffe3 Added a comment 2023-04-16 17:49:51 +00:00
DavidD
8fcb91e75d Added a comment 2023-04-15 22:16:11 +00:00
dirtminer@d11db62478fa082f843be60f2c5a6e1dcf5b3566
80c2ec386c 2023-04-15 01:04:46 +00:00
mih
bef2b3f607 Initial report 2023-04-14 06:55:18 +00:00
Joey Hess
2efceba789
fix windows build 2023-04-12 19:33:19 -04:00
Joey Hess
c5bcb55a8b
add ScopedTypeVariables 2023-04-12 19:19:22 -04:00
Joey Hess
fe5e586b72
rename Git.Filename to Git.Quote 2023-04-12 17:22:03 -04:00
Joey Hess
2a0a0fec8c
close ancient moreinfo bug 2023-04-12 17:18:05 -04:00
Joey Hess
6fc999193f
avoid displaying ExitCode exceptions
Don't need to be sanitized and displaying them messes up actually
exiting with the right exit code! And broke the test suite.

Sponsored-by: Brett Eisenberg on Patreon
2023-04-12 17:04:57 -04:00
Joey Hess
2fdb6ca879
remove unused imports 2023-04-12 16:48:18 -04:00
Joey Hess
160d4c9254
whereused: Fix display of branch:file when run in a subdirectory
The file needs to be relative to the top of the repository
in that case, but it was relative to the subdir.

Sponsored-by: Luke Shumaker on Patreon
2023-04-12 15:18:04 -04:00
Joey Hess
275d974120
improve display of relative path to file
When in a subdirectory, and the file is too, it used to display eg
../subdir/thefile and now will display thefile.
2023-04-12 15:11:44 -04:00
Joey Hess
317887c4d2
devblog 2023-04-12 15:03:01 -04:00
Joey Hess
3e5829721f
fix build 2023-04-12 14:31:56 -04:00
Joey Hess
fdac66ae10
sanitize control characters in main thread fatal exceptions
Sponsored-by: Noam Kremen on Patreon
2023-04-12 14:21:53 -04:00
Joey Hess
11790df3e6
fix build 2023-04-12 14:18:29 -04:00
Joey Hess
3346aa9659
safe output to terminal for calckey inprogress and lookupkey
These are quite low-level, but still there is no point in displaying
escape sequences that have been embedded in a key to the terminal.

I think these are the only remaining commands that didn't use safe
output, except for cases where git-annex is speaking a protocol to
itself.

Sponsored-by: Kevin Mueller on Patreon
2023-04-12 14:03:44 -04:00
Joey Hess
a576fc3b12
fix mojibake reversion in display of utf8
When displaying a ByteString like "💕", safeOutput operates on
individual bytes like "\240\159\146\149" and isControl '\146' = True,
so it got truncated to just "\240".

So, only treat the low control characters, and DEL, as control
characters.

Also split Utility.Terminal out of Utility.SafeOutput. The latter needs
win32, but Utility.SafeOutput is used by Control.Exception, which is
used by Setup.

Sponsored-by: Nicholas Golder-Manning on Patreon
2023-04-12 13:53:30 -04:00
Joey Hess
c50aa21d5f
init: Avoid autoenabling special remotes that have control characters in their names
I'm on the fence about this. Notice that pulling from a git remote can
pull branches that have escape sequences in their names. Git will
display those as-is. Arguably git should try harder to avoid that.

But, names of remotes are usually up to the local user, and autoenable
changes that, and so it makes sense that git chooses to display control
characters in names of remotes, and so autoenable needs to guard against
it.

Sponsored-by: Graham Spencer on Patreon
2023-04-12 12:37:12 -04:00
Joey Hess
de68e3dd4f
allow tab in controlCharacterInFilePath
Seems unlikely to have a tab in a path, but it's not a control character
that needs to be prevented either.

Left \n \r \v and \a as other non-threatening control characters
that are still obnoxious to have in a filepath because of how it causes
issues with display and/or with shell scripting.
2023-04-12 12:31:16 -04:00
Joey Hess
ad71f005b8
fix reversion in warning newline
indent removes any trailing newline, so put the trailing newline after
calling indent.

Sponsored-by: unqueued on Patreon
2023-04-12 12:30:50 -04:00
Joey Hess
708f4756d4
Merge branch 'master' of ssh://git-annex.branchable.com 2023-04-11 16:31:42 -04:00
Joey Hess
27915817b0
update 2023-04-11 16:31:31 -04:00
Joey Hess
31111d15c8
newline and tab are safe control characters
Oops, let's let git-annex display those! Lol
2023-04-11 15:38:47 -04:00
Joey Hess
4a5f18a8ec
IsString StringContainingQuotedPath optimisation
This causes an encodeBS thunk, and the first evaluation of the string
forces it. From then on, further uses operate on a ByteString. This
avoids converting repeatedly.
2023-04-11 15:29:04 -04:00
Joey Hess
afa5b883dc
find, findkeys, examinekey: escape output to terminal when --format is not used
Note that filenames are not quoted, only escaped. This is to match the
output of --format with escaping.

Sponsored-by: Lawrence Brogan on Patreon
2023-04-11 15:27:07 -04:00
Joey Hess
df6f9f1ee8
filter out control characters and quote filenames
Searched for uses of putStr and hPutStr and changed appropriate ones to filter
out control characters and quote filenames.

This notably does not make find and findkeys quote filenames in their default
output. Because they should only do that when stdout is non a pipe.

A few commands like calckey and lookupkey seem too low-level to make sense to filter
output, so skipped those.

Also when relaying output from other commands that is not progress output,
have git-annex filter out control characters.

Sponsored-by: k0ld on Patreon
2023-04-11 14:27:22 -04:00
xloem
59aa498876 Added a comment 2023-04-11 18:07:04 +00:00
Joey Hess
11e89c5a29
mention control characters 2023-04-11 14:06:46 -04:00
xloem
893cd20bee Added a comment 2023-04-11 18:03:26 +00:00
Joey Hess
c775b3ed70
clean up cabal.project.local~*
Make whenever cabal configure is run with new cabal, and I don't need
100 copies of that to be backed up.
2023-04-11 13:18:31 -04:00
Joey Hess
8b6c7bdbcc
filter out control characters in all other Messages
This does, as a side effect, make long notes in json output not
be indented. The indentation is only needed to offset them
underneath the display of the file they apply to, so that's ok.

Sponsored-by: Brock Spratlen on Patreon
2023-04-11 12:58:01 -04:00
Joey Hess
a0e6fa18eb
eliminate showStart showStartOther
These were not handling control characters and are redundant.

Sponsored-by: Jack Hill on Patreon
2023-04-10 16:28:58 -04:00
Joey Hess
3290a09a70
filter out control characters in warning messages
Converted warning and similar to use StringContainingQuotedPath. Most
warnings are static strings, some do refer to filepaths that need to be
quoted, and others don't need quoting.

Note that, since quote filters out control characters of even
UnquotedString, this makes all warnings safe, even when an attacker
sneaks in a control character in some other way.

When json is being output, no quoting is done, since json gets its own
quoting.

This does, as a side effect, make warning messages in json output not
be indented. The indentation is only needed to offset warning messages
underneath the display of the file they apply to, so that's ok.

Sponsored-by: Brett Eisenberg on Patreon
2023-04-10 15:55:44 -04:00
Joey Hess
007e302637
use safeOutput when quoting UnquotedString
UnquotedString does not need to be quoted, but still it's possible
it contains something attacker-controlled, which could have an
escape sequence or control character in it. This is a convenient
place to filter out such things, since quoting alrready handles
those in filenames.

Sponsored-by: Luke Shumaker on Patreon
2023-04-10 14:46:17 -04:00
Joey Hess
cd544e548b
filter out control characters in error messages
giveup changed to filter out control characters. (It is too low level to
make it use StringContainingQuotedPath.)

error still does not, but it should only be used for internal errors,
where the message is not attacker-controlled.

Changed a lot of existing error to giveup when it is not strictly an
internal error.

Of course, other exceptions can still be thrown, either by code in
git-annex, or a library, that include some attacker-controlled value.
This does not guard against those.

Sponsored-by: Noam Kremen on Patreon
2023-04-10 13:50:51 -04:00
Joey Hess
063c00e4f7
git style filename quoting for giveup
When the filenames are part of the git repository or other files that
might have attacker-controlled names, quote them in error messages.

This is fairly complete, although I didn't do the one in
Utility.DirWatcher.INotify.hs because that doesn't have access to
Git.Filename or Annex.

But it's also quite possible I missed some. And also while scanning for
these, I found giveup used with other things that could be attacker
controlled to contain control characters (eg Keys). So, I'm thinking
it would also be good for giveup to just filter out control characters.
This commit is then not the only line of defence, but just good
formatting when git-annex displays a filename in an error message.

Sponsored-by: Kevin Mueller on Patreon
2023-04-10 12:56:45 -04:00
Joey Hess
da83652c76
addurl --preserve-filename: reject control characters
As well as escape sequences, control characters seem unlikely to be desired when
doing addurl, and likely to trip someone up. So disallow them as well.

I did consider going the other way and allowing filenames with control characters
and escape sequences, since git-annex is in the process of escaping display
of all filenames. Might still be a better idea?

Also display the illegal filename git quoted when it rejects it.

Sponsored-by: Nicholas Golder-Manning on Patreon
2023-04-10 12:18:25 -04:00
Joey Hess
1c21ce17d4
avoid unncessary nested lists for combineing StringContainingQuotedPath 2023-04-09 12:53:13 -04:00
Joey Hess
2ba1559a8e
git style quoting for ActionItemOther
Added StringContainingQuotedPath, which is used for ActionItemOther.

In the process, checked every ActionItemOther for those containing
filenames, and made them use quoting.

Sponsored-by: Graham Spencer on Patreon
2023-04-08 16:30:01 -04:00
Joey Hess
d689a5b338
git style filename quoting controlled by core.quotePath
This is by no means complete, but escaping filenames in actionItemDesc does
cover most commands.

Note that for ActionItemBranchFilePath, the value is branch:file, and I
choose to only quote the file part (if necessary). I considered quoting the
whole thing. But, branch names cannot contain control characters, and while
they can contain unicode, git coes not quote unicode when displaying branch
names. So, it would be surprising for git-annex to quote unicode in a
branch name.

The find command is the most obvious command that still needs to be
dealt with. There are probably other places that filenames also get
displayed, eg embedded in error messages.

Some other commands use ActionItemOther with a filename, I think that
ActionItemOther should either be pre-sanitized, or should explicitly not
be used for filenames, so that needs more work.

When --json is used, unicode does not get escaped, but control
characters were already escaped in json.

(Key escaping may turn out to be needed, but I'm ignoring that for now.)

Sponsored-by: unqueued on Patreon
2023-04-08 14:52:26 -04:00
Joey Hess
81bc57322f
clean up 2023-04-07 17:20:58 -04:00