The URL matching function computes for two URLs whether they match not.
The match is performed by splitting up the URL into different parts and
then doing an exact comparison with the to-be-matched URL.
The main user of `urlmatch` is the configuration subsystem. It allows to
set certain configurations based on the URL which is being connected to
via keys like `http.<url>.*`. A common use case for this is to set
proxies for only some remotes which match the given URL. Unfortunately,
having exact matches for all parts of the URL can become quite tedious
in some setups. Imagine for example a corporate network where there are
dozens or even hundreds of subdomains, which would have to be configured
individually.
This commit introduces the ability to have regex-based URL matches. A
user can prefix a configuration key's URL with a question mark ('?') to
use regular expressions instead of exact matches in order to find all
matching URLs. A user can now simply add a key
`http.?http://.*\\.example\\.com.proxy` to set a proxy for all
subdomains of `example.com`. When no question mark is given as a prefix,
then the configuration subsystem will use the old algorithm based on
exact matches.
Signed-off-by: Patrick Steinhardt <patrick.steinhardt@xxxxxxxx>
---
Documentation/config.txt | 6 ++++-
t/t1300-repo-config.sh | 31 ++++++++++++++++++++++++++
urlmatch.c | 57 ++++++++++++++++++++++++++++++++++++++----------
3 files changed, 81 insertions(+), 13 deletions(-)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 506431267..23651b19e 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1906,7 +1906,11 @@ http.followRedirects::
http.<url>.*::
Any of the http.* options above can be applied selectively to some URLs.
- For a config key to match a URL, each element of the config key is
+ There are two different modes to match URLs: if the config key's URL is
+ prefixed with a `?`, it allows to make use of regular expressions. An
+ example for this is `http.?http://.*\\.example\\.com.*` to match all
+ subdomains of `example.com`.
+ If the key is not prefixed with a `?`, each element of the config key is
compared to that of the URL, in the following order:
+
--
diff --git a/t/t1300-repo-config.sh b/t/t1300-repo-config.sh
index 923bfc5a2..fbbc58304 100755
--- a/t/t1300-repo-config.sh
+++ b/t/t1300-repo-config.sh
@@ -1177,6 +1177,37 @@ test_expect_success 'urlmatch' '
test_cmp expect actual
'
+test_expect_success 'regex-based urlmatch' '
+ cat >.git/config <<-\EOF &&
+ [http]
+ sslVerify
+ [http "?https://.*\\.example\\.com";]
+ sslVerify = false
+ cookieFile = /tmp/cookie.txt
+ EOF
+
+ test_expect_code 1 git config --bool --get-urlmatch doesnt.exist https://good.example.com >actual &&
+ test_must_be_empty actual &&
+
+ test_expect_code 1 git config --bool --get-urlmatch doesnt.exist https://good-example.com >actual &&
+ test_must_be_empty actual &&
+
+ echo true >expect &&
+ git config --bool --get-urlmatch http.SSLverify https://example.com >actual &&
+ test_cmp expect actual &&
+
+ echo false >expect &&
+ git config --bool --get-urlmatch http.sslverify https://subdomain.example.com >actual &&
+ test_cmp expect actual &&
+
+ {
+ echo http.cookiefile /tmp/cookie.txt &&
+ echo http.sslverify false
+ } >expect &&
+ git config --get-urlmatch HTTP https://subdomain.example.com >actual &&
+ test_cmp expect actual
+'
+
# good section hygiene
test_expect_failure 'unsetting the last key in a section removes header' '
cat >.git/config <<-\EOF &&
diff --git a/urlmatch.c b/urlmatch.c
index 132d342bc..8ed5047e3 100644
--- a/urlmatch.c
+++ b/urlmatch.c
@@ -490,18 +490,51 @@ int urlmatch_config_entry(const char *var, const char *value, void *cb)
}
dot = strrchr(key, '.');
if (dot) {
- char *config_url, *norm_url;
- struct url_info norm_info;
-
- config_url = xmemdupz(key, dot - key);
- norm_url = url_normalize(config_url, &norm_info);
- free(config_url);
- if (!norm_url)
- return 0;
- matched_len = match_urls(url, &norm_info, &user_matched);
- free(norm_url);
- if (!matched_len)
- return 0;
+ /*
+ * When the configuration key's URL is prefixed
+ * with a '?', regular expressions are enabled to
+ * match the URL instead of the exact-match
+ * algorithm.
+ */
+ if (starts_with(key, "?")) {
+ char *config_url;
+ regex_t reg;
+ int status;
+
+ config_url = xmemdupz(key + 1, dot - key - 1);
+ if (regcomp(®, config_url, REG_EXTENDED)) {
+ warning(_("Cannot prepare URL regexp %s"),
+ config_url);
+ free(config_url);
+ return 0;
+ }
+
+ status = regexec(®, url->url, 0, NULL, 0);
+ free(config_url);
+ regfree(®);
+
+ if (status) {
+ if (status != REG_NOMATCH)
+ warning(_("regexec returned %d for input '%s'"),
+ status, url->url);
+
+ return 0;
+ }
+ } else {
+ char *config_url, *norm_url;
+ struct url_info norm_info;
+
+ config_url = xmemdupz(key, dot - key);
+ norm_url = url_normalize(config_url, &norm_info);
+ free(config_url);
+ if (!norm_url)
+ return 0;
+ matched_len = match_urls(url, &norm_info, &user_matched);
+ free(norm_url);
+ if (!matched_len)
+ return 0;
+ }
+
key = dot + 1;
}
--
2.11.0