- 12 Jul, 2022 1 commit
-
-
In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
Edward Thomson committed
-
- 07 Jul, 2022 3 commits
-
-
Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly.
Edward Thomson committed -
Refactor the file ownership checks so that callers can provide discrete information about the ownership expectations to a single function.
Edward Thomson committed -
The file ownership concepts can reflect the actual file ownership, they are not necessarily limited to mocking the interface. Rename them so that they can be more broadly applicable.
Edward Thomson committed
-
- 12 Apr, 2022 1 commit
-
-
Provide a mock for file ownership for testability.
Edward Thomson committed
-
- 11 Apr, 2022 1 commit
-
-
Provide individual file ownership checks for both the current user and the system user, as well as a combined current user and system user check.
Edward Thomson committed
-
- 23 Feb, 2022 2 commits
-
-
Instead of simply including the utility files directly, make them a cmake object library for easy reusability between other projects within libgit2. Now the top-level `src` is responsible for platform selection, while the next-level `libgit2` and `util` configurations are responsible for identifying what objects they include.
Edward Thomson committed -
Edward Thomson committed
-
- 18 Jan, 2022 1 commit
-
-
Provide a helper function to find an executable in the current process's PATH.
Edward Thomson committed
-
- 22 Nov, 2021 1 commit
-
-
Remove some unnecessary includes from utility code.
Edward Thomson committed
-
- 09 Nov, 2021 9 commits
-
-
Edward Thomson committed
-
Edward Thomson committed
-
Edward Thomson committed
-
Add a `git_str` based validity check; the existing `git_path_is_valid` defers to it.
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Provide a mechanism for users to limit the number of characters that are examined; `git_fs_path_str_is_valid` and friends will only examine up to `str->size` bytes. `git_fs_path_is_valid` delegates to these new functions by passing `SIZE_MAX` (instead of doing a `strlen`), which is a sentinel value meaning "look for a NUL terminator".
Edward Thomson committed -
Since we're returning a boolean about validation, the name is more properly "is valid".
Edward Thomson committed -
Introduce `git_fs_path`, which operates on generic filesystem paths. `git_path` will be kept for only git-specific path functionality (for example, checking for `.git` in a path).
Edward Thomson committed
-
- 17 Oct, 2021 1 commit
-
-
libgit2 has two distinct requirements that were previously solved by `git_buf`. We require: 1. A general purpose string class that provides a number of utility APIs for manipulating data (eg, concatenating, truncating, etc). 2. A structure that we can use to return strings to callers that they can take ownership of. By using a single class (`git_buf`) for both of these purposes, we have confused the API to the point that refactorings are difficult and reasoning about correctness is also difficult. Move the utility class `git_buf` to be called `git_str`: this represents its general purpose, as an internal string buffer class. The name also is an homage to Junio Hamano ("gitstr"). The public API remains `git_buf`, and has a much smaller footprint. It is generally only used as an "out" param with strict requirements that follow the documentation. (Exceptions exist for some legacy APIs to avoid breaking callers unnecessarily.) Utility functions exist to convert a user-specified `git_buf` to a `git_str` so that we can call internal functions, then converting it back again.
Edward Thomson committed
-
- 09 Sep, 2021 1 commit
-
-
Make some syntax change to follow coding style.
punkymaniac committed
-
- 28 Apr, 2021 2 commits
-
-
Let `git_path_find_dir` simply take a `git_buf` that contains a directory or a file, instead of trying to both join a path AND then deal with prettifying it or its basename. This allows consumers to join paths themselves (and apply any necessary rules - like fitting within MAX_PATH).
Edward Thomson committed -
Introduce `git_path_validate_filesystem` which validates (absolute) on-disk paths and `git_path_validate_workdir` to perform validations on (absolute) working directory paths. These functions are useful as there may be system limitations on on-disk paths, particularly on Windows (for example, enforcing MAX_PATH). For working directory paths, these limitations may be per-repository, based on the `core.longpaths` configuration setting.
Edward Thomson committed
-
- 14 Apr, 2021 1 commit
-
-
If we want to validate more and different types of paths, the name `git_path_validate` makes that easier and more expressive. We can add, for example, `git_path_validate_foo` while the current name makes that less ergonomic.
Edward Thomson committed
-
- 27 Nov, 2020 1 commit
-
-
Edward Thomson committed
-
- 13 Aug, 2019 1 commit
-
-
When the VirtualStore feature is in effect, it is safe to let random users write into C:\ProgramData because other users won't see those files. This seemed to be the case when we introduced support for C:\ProgramData\Git\config. However, when that feature is not in effect (which seems to be the case in newer Windows 10 versions), we'd rather not use those files unless they come from a trusted source, such as an administrator. This change imitates the strategy chosen by PowerShell's native OpenSSH port to Windows regarding host key files: if a system file is owned neither by an administrator, a system account, or the current user, it is ignored.
Johannes Schindelin committed
-
- 20 Jul, 2019 1 commit
-
-
When initializing a repository, we need to check whether its working directory supports symlinks to correctly set the initial value of the "core.symlinks" config variable. The code to check the filesystem is reusable in other parts of our codebase, like for example in our tests to determine whether certain tests can be expected to succeed or not. Extract the code into a new function `git_path_supports_symlinks` to avoid duplicate implementations. Remove a duplicate implementation in the repo test helper code.
Patrick Steinhardt committed
-
- 15 Oct, 2018 1 commit
-
-
These checks are preformed by libgit2 on checkout, but they're also useful for performing checks in applications which do not involve checkout. Expose them under `sys/` as it's still fairly in the weeds even for this library.
Carlos Martín Nieto committed
-
- 01 Jun, 2018 1 commit
-
-
Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.
Patrick Steinhardt committed
-
- 23 May, 2018 1 commit
-
-
Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.
Carlos Martín Nieto committed
-
- 22 May, 2018 2 commits
-
-
We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.
Carlos Martín Nieto committed -
These will be used by the checkout code to detect them for the particular filesystem they're on.
Carlos Martín Nieto committed
-
- 18 May, 2018 1 commit
-
-
These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.
Carlos Martín Nieto committed
-
- 09 Oct, 2017 2 commits
-
-
This function has previously been implemented in Windows-specific path handling code as `path__is_dirsep`. As we will need this functionality in other parts, extract the logic into "path.h" alongside with a non-Windows implementation.
Patrick Steinhardt committed -
This function has previously been implemented in Windows-specific path handling code as `path__is_absolute`. As we will need this functionality in other parts, extract the logic into "path.h" alongside with a non-Windows implementation.
Patrick Steinhardt committed
-
- 03 Jul, 2017 1 commit
-
-
Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt committed
-
- 26 May, 2016 1 commit
-
-
Edward Thomson committed
-
- 24 Mar, 2016 1 commit
-
-
Edward Thomson committed
-
- 17 Feb, 2016 1 commit
-
-
Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).
Edward Thomson committed
-
- 17 Sep, 2015 1 commit
-
-
Edward Thomson committed
-