From: Zeger-Jan van de Weg <git@zjvandeweg.nl>
To: git@vger.kernel.org
Cc: Zeger-Jan van de Weg <git@zjvandeweg.nl>
Subject: [PATCH 1/1] Git config allows value setting from stdin
Date: Tue, 17 Sep 2019 15:31:35 +0200 [thread overview]
Message-ID: <20190917133135.190145-2-git@zjvandeweg.nl> (raw)
In-Reply-To: <20190917133135.190145-1-git@zjvandeweg.nl>
When setting values in the git config, the value is part of the
arguments for execution. This potentially leaks the value through
logging, or other programs like `ps`.
Prior to this change, there was no option to do this. This change adds
the `--stdin` to be combined with `--add`. When passed, the value cannot
be passed and is read through stdin.
Signed-off-by: Zeger-Jan van de Weg <git@zjvandeweg.nl>
---
Documentation/git-config.txt | 5 ++++-
builtin/config.c | 23 +++++++++++++++++++++--
t/t1300-config.sh | 11 +++++++++++
3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt
index ff9310f958..e6e7f6b60b 100644
--- a/Documentation/git-config.txt
+++ b/Documentation/git-config.txt
@@ -10,7 +10,7 @@ SYNOPSIS
--------
[verse]
'git config' [<file-option>] [--type=<type>] [--show-origin] [-z|--null] name [value [value_regex]]
-'git config' [<file-option>] [--type=<type>] --add name value
+'git config' [<file-option>] [--type=<type>] --add [--stdin] name [value]
'git config' [<file-option>] [--type=<type>] --replace-all name value [value_regex]
'git config' [<file-option>] [--type=<type>] [--show-origin] [-z|--null] --get name [value_regex]
'git config' [<file-option>] [--type=<type>] [--show-origin] [-z|--null] --get-all name [value_regex]
@@ -212,6 +212,9 @@ Valid `<type>`'s include:
output without getting confused e.g. by values that
contain line breaks.
+--stdin::
+ Instead passing in the value as argument, read the value from stdin.
+
--name-only::
Output only the names of config variables for `--list` or
`--get-regexp`.
diff --git a/builtin/config.c b/builtin/config.c
index 98d65bc0ad..ea6fb0168c 100644
--- a/builtin/config.c
+++ b/builtin/config.c
@@ -30,6 +30,7 @@ static struct git_config_source given_config_source;
static int actions, type;
static char *default_value;
static int end_null;
+static int stdin_input;
static int respect_includes_opt = -1;
static struct config_options config_options;
static int show_origin;
@@ -152,6 +153,7 @@ static struct option builtin_config_options[] = {
OPT_CALLBACK_VALUE(0, "expiry-date", &type, N_("value is an expiry date"), TYPE_EXPIRY_DATE),
OPT_GROUP(N_("Other")),
OPT_BOOL('z', "null", &end_null, N_("terminate values with NUL byte")),
+ OPT_BOOL(0, "stdin", &stdin_input, N_("allow input from stdin when setting a value")),
OPT_BOOL(0, "name-only", &omit_values, N_("show variable names only")),
OPT_BOOL(0, "includes", &respect_includes_opt, N_("respect include directives on lookup")),
OPT_BOOL(0, "show-origin", &show_origin, N_("show origin of config (file, standard input, blob, command line)")),
@@ -719,6 +721,9 @@ int cmd_config(int argc, const char **argv, const char *prefix)
usage_builtin_config();
}
+ if (actions != ACTION_ADD && stdin_input)
+ die(_("--stdin has to be combined with --add"));
+
if (actions & PAGING_ACTIONS)
setup_auto_pager("config", 1);
@@ -784,8 +789,22 @@ int cmd_config(int argc, const char **argv, const char *prefix)
}
else if (actions == ACTION_ADD) {
check_write();
- check_argc(argc, 2, 2);
- value = normalize_value(argv[0], argv[1]);
+
+ if (stdin_input) {
+ struct strbuf input = STRBUF_INIT;
+ check_argc(argc, 1, 1);
+ if (strbuf_read_once(&input, 0, 1000) < 0)
+ die_errno("could not read from stdin");
+
+ strbuf_trim_trailing_newline(&input);
+ value = normalize_value(argv[0], input.buf);
+ strbuf_release(&input);
+ }
+ else {
+ check_argc(argc, 2, 2);
+ value = normalize_value(argv[0], argv[1]);
+ }
+
UNLEAK(value);
return git_config_set_multivar_in_file_gently(given_config_source.file,
argv[0], value,
diff --git a/t/t1300-config.sh b/t/t1300-config.sh
index 428177c390..d78abf85ee 100755
--- a/t/t1300-config.sh
+++ b/t/t1300-config.sh
@@ -380,6 +380,17 @@ test_expect_success '--add' '
test_cmp expect output
'
+test_expect_success '--add with --stdin' '
+ echo true | git config --add --stdin foo.mepmep &&
+ git config --get foo.mepmep >output &&
+ echo true >expect &&
+ test_cmp expect output
+'
+
+test_expect_success '--stdin without --add' '
+ test_expect_code 128 git config --stdin foo.mepmep
+'
+
cat > .git/config << EOF
[novalue]
variable
--
2.23.0
next prev parent reply other threads:[~2019-09-17 13:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-17 13:31 [PATCH 0/1] git-config --add allows values from stdin Zeger-Jan van de Weg
2019-09-17 13:31 ` Zeger-Jan van de Weg [this message]
2019-09-17 16:59 ` [PATCH 1/1] Git config allows value setting " Junio C Hamano
2019-09-22 3:11 ` [PATCH 0/1] git-config --add allows values " Taylor Blau
2019-09-23 9:46 ` Phillip Wood
2019-09-23 11:45 ` SZEDER Gábor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190917133135.190145-2-git@zjvandeweg.nl \
--to=git@zjvandeweg.nl \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.