1. 17 Oct, 2021 1 commit
    • str: introduce `git_str` for internal, `git_buf` is external · f0e693b1
      libgit2 has two distinct requirements that were previously solved by
      `git_buf`.  We require:
      
      1. A general purpose string class that provides a number of utility APIs
         for manipulating data (eg, concatenating, truncating, etc).
      2. A structure that we can use to return strings to callers that they
         can take ownership of.
      
      By using a single class (`git_buf`) for both of these purposes, we have
      confused the API to the point that refactorings are difficult and
      reasoning about correctness is also difficult.
      
      Move the utility class `git_buf` to be called `git_str`: this represents
      its general purpose, as an internal string buffer class.  The name also
      is an homage to Junio Hamano ("gitstr").
      
      The public API remains `git_buf`, and has a much smaller footprint.  It
      is generally only used as an "out" param with strict requirements that
      follow the documentation.  (Exceptions exist for some legacy APIs to
      avoid breaking callers unnecessarily.)
      
      Utility functions exist to convert a user-specified `git_buf` to a
      `git_str` so that we can call internal functions, then converting it
      back again.
      Edward Thomson committed
  2. 20 Jul, 2019 1 commit
  3. 10 Jun, 2018 1 commit
  4. 24 May, 2018 1 commit
  5. 14 May, 2018 1 commit
  6. 09 May, 2018 1 commit
    • submodule: ignore submodules which include path traversal in their name · 6b15ceac
      If the we decide that the "name" of the submodule (i.e. its path inside
      `.git/modules/`) is trying to escape that directory or otherwise trick us, we
      ignore the configuration for that submodule.
      
      This leaves us with a half-configured submodule when looking it up by path, but
      it's the same result as if the configuration really were missing.
      
      The name check is potentially more strict than it needs to be, but it lets us
      re-use the check we're doing for the checkout. The function that encapsulates
      this logic is ready to be exported but we don't want to do that in a security
      release so it remains internal for now.
      Carlos Martín Nieto committed
  7. 30 Apr, 2018 1 commit