Git command DSL
Closes #1847 (closed)
This change introduces a simple Domain Specific Language (DSL) for forming Git commands. The intention is to provide a more robust validation system to prevent flag injection exploits.
The following "unsafe" functions now have a "safe" version that uses this DSL:
- git.Command -> git.SafeCmd
- git.BareCommand -> git.SafeBareCmd
- git.CommandWithoutRepo -> git.SafeCmdWithoutRepo
- git.StdinCommand -> git.SafeStdinCmd
The next step is to deprecate the usage of the "unsafe" functions: !1480 (merged)
Then, replace the deprecated functions with the "safe" version. One RPC, RepositoryService.GarbageCollect, already has this done for demonstration purposes (see the files gc.go and repack.go).
Closes #1991 (closed)
Closes #1996 (closed)
Edited by 🤖 GitLab Bot 🤖
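The kind of validation a command DSL like this enables, as an added sketch that is not code from this merge request or from the project: the `SubCmd` and `Flag` types, the `Argv` method and the long-flag-only rule are hypothetical, chosen only to show where user-supplied values are checked before they reach the git argument vector.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical types for illustration; not the API added by this change.
type Flag struct{ Name, Value string }

type SubCmd struct {
	Name        string   // git subcommand, fixed by the programmer
	Flags       []Flag   // options chosen by the programmer
	Args        []string // positional arguments, possibly user-supplied
	PostSepArgs []string // arguments placed after "--", e.g. paths
}

// Assumption: this sketch accepts only long options such as --max-count.
var flagRe = regexp.MustCompile(`^--[a-z0-9]+(-[a-z0-9]+)*$`)

// Argv validates each part and returns the argument vector to pass to git.
func (c SubCmd) Argv() ([]string, error) {
	argv := []string{c.Name}
	for _, f := range c.Flags {
		if !flagRe.MatchString(f.Name) {
			return nil, fmt.Errorf("invalid flag name %q", f.Name)
		}
		if f.Value != "" {
			f.Name += "=" + f.Value // the value stays inside one argv element
		}
		argv = append(argv, f.Name)
	}
	for _, a := range c.Args {
		// A positional argument starting with "-" would be parsed as an option.
		if strings.HasPrefix(a, "-") {
			return nil, fmt.Errorf("positional argument %q looks like a flag", a)
		}
		argv = append(argv, a)
	}
	if len(c.PostSepArgs) > 0 {
		argv = append(append(argv, "--"), c.PostSepArgs...)
	}
	return argv, nil
}

func main() {
	// Constructed inputs: a well-formed command, then a revision that looks like a flag.
	fmt.Println(SubCmd{Name: "log", Flags: []Flag{{"--max-count", "1"}}, Args: []string{"main"}}.Argv())
	fmt.Println(SubCmd{Name: "log", Args: []string{"--constructed-flag=value"}}.Argv())
}
```

Because everything in `PostSepArgs` is emitted after `--`, a path such as `-README` is passed through unchanged and git treats it as a path rather than an option.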