Commit graph

32873 commits

Author SHA1 Message Date
aurtzy
51df5cb26e 2023-04-24 03:25:41 +00:00
aurtzy
c70677e31d 2023-04-24 03:16:12 +00:00
yarikoptic
589abdeb5c initial report on bad escaping 2023-04-22 05:06:01 +00:00
Joey Hess
3545c9f2c1
close 2023-04-21 12:34:20 -04:00
adina.wagner@2a4cac6443aada2bd2a329b8a33f4a7b87cc8eff
a32b0b8659 Added a comment 2023-04-21 07:08:35 +00:00
Joey Hess
e856ae0f35
idea 2023-04-20 14:21:22 -04:00
Joey Hess
2752360708
analysis and followup 2023-04-20 14:11:04 -04:00
DavidD
2de88e299f 2023-04-20 16:08:21 +00:00
DavidD
728a9ce995 2023-04-20 15:43:30 +00:00
DavidD
430bf010ad 2023-04-20 15:37:46 +00:00
Joey Hess
31e4b6dee1
catch chdir exception in --autostop
assistant --autostop: Avoid crashing when ~/.config/git-annex/autostart
lists a directory that it cannot chdir to.

Sponsored-by: k0ld on Patreon
2023-04-19 12:42:02 -04:00
Joey Hess
d223fa3b0a
response 2023-04-19 12:26:20 -04:00
Joey Hess
cf85d54a2f
comment and improve docs 2023-04-19 12:20:26 -04:00
dud225@35a1ee469f82f3a7eb1f2dce4ad453f5e47bdfd3
43271632af Added a comment: Sync to remote master? 2023-04-19 08:40:41 +00:00
kirrik96@419b50c9fb455c2f172184be932c5df3635a3cf4
3d1d77a1bb 2023-04-18 21:12:21 +00:00
Joey Hess
9155ed1072
configremote
New command, currently limited to changing autoenable= setting of a special remote.

It will probably never be used for more than that given the limitations on
it.

Sponsored-by: Brock Spratlen on Patreon
2023-04-18 15:30:49 -04:00
Joey Hess
8728695b9c
support enableremote of git repo changing eg autoenable=
enableremote: Support enableremote of a git remote (that was previously set
up with initremote) when additional parameters such as autoenable= are
passed.

The enableremote special case for regular git repos is intended to handle
ones that don't have a UUID probed, and the user wants git-annex to
re-probe. So, that special case is still needed. But, in that special
case, the user is not passing any extra parameters. So, when there are
parameters, instead run the special remote setup code. That requires there
to be a uuid known already, and it allows changing things like autoenable=

Remote.Git.enableRemote changed to be a no-op if a git remote with the name
already exists. Which it generally will in this case.

Sponsored-by: Jack Hill on Patreon
2023-04-18 14:00:24 -04:00
Joey Hess
3a402a907f
comment 2023-04-18 13:09:24 -04:00
nobodyinperson
b32ca4180d 2023-04-18 07:55:46 +00:00
mih
377679babc Added a comment: Confirm 2023-04-18 07:54:46 +00:00
Joey Hess
f02d3336b6
comment 2023-04-17 14:09:06 -04:00
Joey Hess
7702165d6a
response 2023-04-17 14:03:02 -04:00
Joey Hess
d727907795
comment 2023-04-17 13:48:23 -04:00
Joey Hess
fdd1f177b0
response 2023-04-17 13:39:34 -04:00
Joey Hess
2aba119161
already fixed 2023-04-17 13:35:23 -04:00
Joey Hess
f250379975
response 2023-04-17 13:32:50 -04:00
DavidD
c80994c86b Added a comment 2023-04-17 15:27:49 +00:00
yarikoptic
d1fbc8744f Added a comment 2023-04-17 13:01:03 +00:00
dud225@35a1ee469f82f3a7eb1f2dce4ad453f5e47bdfd3
11a498568d Added a comment: Groups comprised of archive drives of various size 2023-04-17 10:12:58 +00:00
nobodyinperson
0393245935 Added a comment: Too old? 2023-04-17 01:43:36 +00:00
adpce
9f8c5a0606 git annex forget bug 2023-04-16 19:58:22 +00:00
nobodyinperson
5780eaffe3 Added a comment 2023-04-16 17:49:51 +00:00
DavidD
8fcb91e75d Added a comment 2023-04-15 22:16:11 +00:00
dirtminer@d11db62478fa082f843be60f2c5a6e1dcf5b3566
80c2ec386c 2023-04-15 01:04:46 +00:00
mih
bef2b3f607 Initial report 2023-04-14 06:55:18 +00:00
Joey Hess
2a0a0fec8c
close ancient moreinfo bug 2023-04-12 17:18:05 -04:00
Joey Hess
317887c4d2
devblog 2023-04-12 15:03:01 -04:00
Joey Hess
fdac66ae10
sanitize control characters in main thread fatal exceptions
Sponsored-by: Noam Kremen on Patreon
2023-04-12 14:21:53 -04:00
Joey Hess
c50aa21d5f
init: Avoid autoenabling special remotes that have control characters in their names
I'm on the fence about this. Notice that pulling from a git remote can
pull branches that have escape sequences in their names. Git will
display those as-is. Arguably git should try harder to avoid that.

But, names of remotes are usually up to the local user, and autoenable
changes that, and so it makes sense that git chooses to display control
characters in names of remotes, and so autoenable needs to guard against
it.

Sponsored-by: Graham Spencer on Patreon
2023-04-12 12:37:12 -04:00
Joey Hess
708f4756d4
Merge branch 'master' of ssh://git-annex.branchable.com 2023-04-11 16:31:42 -04:00
Joey Hess
27915817b0
update 2023-04-11 16:31:31 -04:00
Joey Hess
afa5b883dc
find, findkeys, examinekey: escape output to terminal when --format is not used
Note that filenames are not quoted, only escaped. This is to match the
output of --format with escaping.

Sponsored-by: Lawrence Brogan on Patreon
2023-04-11 15:27:07 -04:00
xloem
59aa498876 Added a comment 2023-04-11 18:07:04 +00:00
Joey Hess
11e89c5a29
mention control characters 2023-04-11 14:06:46 -04:00
xloem
893cd20bee Added a comment 2023-04-11 18:03:26 +00:00
Joey Hess
8b6c7bdbcc
filter out control characters in all other Messages
This does, as a side effect, make long notes in json output not
be indented. The indentation is only needed to offset them
underneath the display of the file they apply to, so that's ok.

Sponsored-by: Brock Spratlen on Patreon
2023-04-11 12:58:01 -04:00
Joey Hess
a0e6fa18eb
eliminate showStart showStartOther
These were not handling control characters and are redundant.

Sponsored-by: Jack Hill on Patreon
2023-04-10 16:28:58 -04:00
Joey Hess
3290a09a70
filter out control characters in warning messages
Converted warning and similar to use StringContainingQuotedPath. Most
warnings are static strings, some do refer to filepaths that need to be
quoted, and others don't need quoting.

Note that, since quote filters out control characters of even
UnquotedString, this makes all warnings safe, even when an attacker
sneaks in a control character in some other way.

When json is being output, no quoting is done, since json gets its own
quoting.

This does, as a side effect, make warning messages in json output not
be indented. The indentation is only needed to offset warning messages
underneath the display of the file they apply to, so that's ok.

Sponsored-by: Brett Eisenberg on Patreon
2023-04-10 15:55:44 -04:00
Joey Hess
cd544e548b
filter out control characters in error messages
giveup changed to filter out control characters. (It is too low level to
make it use StringContainingQuotedPath.)

error still does not, but it should only be used for internal errors,
where the message is not attacker-controlled.

Changed a lot of existing error to giveup when it is not strictly an
internal error.

Of course, other exceptions can still be thrown, either by code in
git-annex, or a library, that include some attacker-controlled value.
This does not guard against those.

Sponsored-by: Noam Kremen on Patreon
2023-04-10 13:50:51 -04:00
Joey Hess
da83652c76
addurl --preserve-filename: reject control characters
As well as escape sequences, control characters seem unlikely to be desired when
doing addurl, and likely to trip someone up. So disallow them as well.

I did consider going the other way and allowing filenames with control characters
and escape sequences, since git-annex is in the process of escaping display
of all filenames. Might still be a better idea?

Also display the illegal filename git quoted when it rejects it.

Sponsored-by: Nicholas Golder-Manning on Patreon
2023-04-10 12:18:25 -04:00