[PATCH 2/2] config: allow specifying config entries via envvar pairs

[Patrick Steinhardt <ps@pks.im>]

[-- Attachment #1: Type: text/plain, Size: 5391 bytes --]

While not document, it is currently possible to specify config entries
via the environment by passing `GIT_CONFIG_PARAMETERS`. This variable is
expected to hold one or multiple "section.key=value" entries separated
by space.

Next to being undocumented, this way of passing config entries has a
major downside: the config keys need to be parsed. As such, it is left
to the user to escape any potentially harmful characters in the value,
which is quite hard to do if values are controlled by a third party.

This commit thus adds a new way of adding config entries via the
environment which doesn't require splitting of keys and values. The user
can specify an config entry's key via `GIT_CONFIG_KEY_$n` and a value
via `GIT_CONFIG_VALUE_$n`, where `n` is any number starting with 1. It
is possible to add multiple entries via consecutively numbered envvars
`GIT_CONFIG_KEY_1`, `GIT_CONFIG_KEY_2`, etc, where each of the keys may
have a matching value. When no matching value exists, it's assumed to be
the empty value.

While the same can be achieved with `git -c <name>=<value>`, one may
wish to not do so for potentially sensitive information. E.g. if one
wants to set `http.extraHeader` to contain an authentication token,
doing so via `-c` would trivially leak those credentials via e.g. ps(1),
which typically also shows command arguments.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 Documentation/git-config.txt |  6 ++++++
 config.c                     | 41 ++++++++++++++++++++++++++----------
 t/t1300-config.sh            | 23 ++++++++++++++++++++
 3 files changed, 59 insertions(+), 11 deletions(-)

diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt
index 7573160f21..83fbac3705 100644
--- a/Documentation/git-config.txt
+++ b/Documentation/git-config.txt
@@ -335,6 +335,12 @@ GIT_CONFIG_NOSYSTEM::
 	Whether to skip reading settings from the system-wide
 	$(prefix)/etc/gitconfig file. See linkgit:git[1] for details.
 
+GIT_CONFIG_KEY_1,GIT_CONFIG_VALUE_1::
+	Each pair of GIT_CONFIG_KEY_/GIT_CONFIG_VALUE_ is added to the process's
+	runtime configuration. It is possible to add multiple entries by adding
+	consecutively numbered pairs, starting at 1. If the value corresponding
+	to a key is not set, it is treated as if it was empty.
+
 See also <<FILES>>.
 
 
diff --git a/config.c b/config.c
index 3281b1374e..ab40479df2 100644
--- a/config.c
+++ b/config.c
@@ -485,37 +485,56 @@ int git_config_parse_parameter(const char *text,
 int git_config_from_parameters(config_fn_t fn, void *data)
 {
 	const char *env = getenv(CONFIG_DATA_ENVIRONMENT);
+	struct strbuf envvar = STRBUF_INIT;
 	int ret = 0;
-	char *envw;
+	char *envw = NULL;
 	const char **argv = NULL;
 	int nr = 0, alloc = 0;
 	int i;
 	struct config_source source;
 
-	if (!env)
-		return 0;
-
 	memset(&source, 0, sizeof(source));
 	source.prev = cf;
 	source.origin_type = CONFIG_ORIGIN_CMDLINE;
 	cf = &source;
 
-	/* sq_dequote will write over it */
-	envw = xstrdup(env);
+	if (env) {
+		/* sq_dequote will write over it */
+		envw = xstrdup(env);
 
-	if (sq_dequote_to_argv(envw, &argv, &nr, &alloc) < 0) {
-		ret = error(_("bogus format in %s"), CONFIG_DATA_ENVIRONMENT);
-		goto out;
+		if (sq_dequote_to_argv(envw, &argv, &nr, &alloc) < 0) {
+			ret = error(_("bogus format in %s"), CONFIG_DATA_ENVIRONMENT);
+			goto out;
+		}
+
+		for (i = 0; i < nr; i++) {
+			if (git_config_parse_parameter(argv[i], fn, data) < 0) {
+				ret = -1;
+				goto out;
+			}
+		}
 	}
 
-	for (i = 0; i < nr; i++) {
-		if (git_config_parse_parameter(argv[i], fn, data) < 0) {
+	for (i = 1; i; i++) {
+		const char *key, *value;
+
+		strbuf_addf(&envvar, "GIT_CONFIG_KEY_%d", i);
+		if ((key = getenv(envvar.buf)) == NULL)
+			break;
+		strbuf_reset(&envvar);
+
+		strbuf_addf(&envvar, "GIT_CONFIG_VALUE_%d", i);
+		value = getenv(envvar.buf);
+		strbuf_reset(&envvar);
+
+		if (config_parse_pair(key, value, fn, data) < 0) {
 			ret = -1;
 			goto out;
 		}
 	}
 
 out:
+	strbuf_release(&envvar);
 	free(argv);
 	free(envw);
 	cf = source.prev;
diff --git a/t/t1300-config.sh b/t/t1300-config.sh
index 825d9a184f..2ae9533aa8 100755
--- a/t/t1300-config.sh
+++ b/t/t1300-config.sh
@@ -1316,6 +1316,29 @@ test_expect_success 'detect bogus GIT_CONFIG_PARAMETERS' '
 		git config --get-regexp "env.*"
 '
 
+test_expect_success 'git config handles environment config pairs' '
+	GIT_CONFIG_KEY_1="pair.one" GIT_CONFIG_VALUE_1="foo" \
+		GIT_CONFIG_KEY_2="pair.two" GIT_CONFIG_VALUE_2="bar" \
+		GIT_CONFIG_KEY_4="pair.four" GIT_CONFIG_VALUE_4="not-parsed" \
+		git config --get-regexp "pair.*" >actual &&
+	cat >expect <<-EOF &&
+	pair.one foo
+	pair.two bar
+	EOF
+	test_cmp expect actual
+'
+
+test_expect_success 'git config copes with missing config pair value' '
+	GIT_CONFIG_KEY_1="pair.one" git config --get-regexp "pair.*" >actual &&
+	echo pair.one >expect &&
+	test_cmp expect actual
+'
+
+test_expect_success 'git config fails with invalid config pair key' '
+	test_must_fail env GIT_CONFIG_KEY_1= git config --list &&
+	test_must_fail env GIT_CONFIG_KEY_1=missing-section git config --list
+'
+
 test_expect_success 'git config --edit works' '
 	git config -f tmp test.value no &&
 	echo test.value=yes >expect &&
-- 
2.29.2


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]