mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
git-annex/Command/Trust.hs
Joey Hess 3290a09a70
filter out control characters in warning messages 
Converted warning and similar to use StringContainingQuotedPath. Most
warnings are static strings, some do refer to filepaths that need to be
quoted, and others don't need quoting.

Note that, since quote filters out control characters of even
UnquotedString, this makes all warnings safe, even when an attacker
sneaks in a control character in some other way.

When json is being output, no quoting is done, since json gets its own
quoting.

This does, as a side effect, make warning messages in json output not
be indented. The indentation is only needed to offset warning messages
underneath the display of the file they apply to, so that's ok.

Sponsored-by: Brett Eisenberg on Patreon
2023-04-10 15:55:44 -04:00

53 lines
1.5 KiB
Haskell
Raw Blame History

{- git-annex command
-
- Copyright 2010-2021 Joey Hess <id@joeyh.name>
-
- Licensed under the GNU AGPL version 3 or higher.
-}
module Command.Trust where
import Command
import qualified Remote
import qualified Annex
import Types.TrustLevel
import Logs.Trust
import Logs.Group
import qualified Data.Set as S
cmd :: Command
cmd = command "trust" SectionSetup "trust a repository"
(paramRepeating paramRepository) (withParams seek)
seek :: CmdParams -> CommandSeek
seek = trustCommand "trust" Trusted
trustCommand :: String -> TrustLevel -> CmdParams -> CommandSeek
trustCommand _ _ [] = giveup "no repository name specified"
trustCommand c level ps = withStrings (commandAction . start) ps
where
start name = do
u <- Remote.nameToUUID name
let si = SeekInput [name]
starting c (ActionItemOther (Just (UnquotedString name))) si (perform name u)
perform name uuid = do
when (level >= Trusted) $
unlessM (Annex.getRead Annex.force) $
giveup $ trustedNeedsForce name
trustSet uuid level
when (level == DeadTrusted) $
groupSet uuid S.empty
l <- lookupTrust uuid
when (l /= level) $
warning $ UnquotedString $ "This remote's trust level is overridden to " ++ showTrustLevel l ++ "."
next $ return True
trustedNeedsForce :: String -> String
trustedNeedsForce name = unwords
[ "Trusting a repository can lead to data loss."
, "If you're sure you know what you're doing, use --force to"
, "make this take effect."
, "If you choose to do so, bear in mind that any time you drop"
, "content from " ++ name ++ ", you will risk losing data."
]
Reference in a new issue View git blame Copy permalink