On Thu, 16 Nov 2017 18:07:41 +0000 Jeff Hostetler <git@xxxxxxxxxxxxxxxxx> wrote: > +/* > + * Return 1 if the given string needs armoring because of "special" > + * characters that may cause injection problems when a command passes > + * the argument to a subordinate command (such as when upload-pack > + * launches pack-objects). > + * > + * The usual alphanumeric and key punctuation do not trigger it. > + */ > +static int arg_needs_armor(const char *arg) First of all, about the injection problem, replying to your previous e-mail [1]: https://public-inbox.org/git/61855872-221b-0e97-abaa-24a011ad899e@xxxxxxxxxxxxxxxxx/ > I couldn't use quote.[ch] because it is more concerned with > quoting pathnames because of LF and CR characters within > them -- rather than semicolons and quotes and the like which > I was concerned about. sq_quote_buf() (or one of the other similarly-named functions) should solve this problem, right? The single quotes around the argument takes care of LF, CR, and semicolons, and things like backslashes and quotes are taken care of as documented. I don't think we need to invent another encoding to solve this. > +{ > + const unsigned char *p; > + > + for (p = (const unsigned char *)arg; *p; p++) { > + if (*p >= 'a' && *p <= 'z') > + continue; > + if (*p >= 'A' && *p <= 'Z') > + continue; > + if (*p >= '0' && *p <= '9') > + continue; > + if (*p == '-' || *p == '_' || *p == '.' || *p == '/') > + continue; If we do take this approach, can ':' also be included? > + if (skip_prefix(arg, "sparse:oid=", &v0)) { > + struct object_context oc; > + struct object_id sparse_oid; > + > + /* > + * Try to parse <oid-expression> into an OID for the current > + * command, but DO NOT complain if we don't have the blob or > + * ref locally. > + */ > + if (!get_oid_with_context(v0, GET_OID_BLOB, > + &sparse_oid, &oc)) > + filter_options->sparse_oid_value = oiddup(&sparse_oid); > + filter_options->choice = LOFC_SPARSE_OID; > + if (arg_needs_armor(v0)) > + filter_options->requires_armor = v0 - arg; > + return 0; > + } In your previous e-mail, you mentioned: > yes. I always pass filter_options.raw_value over the wire. > The code above tries to parse it and put it in an OID for > private use by the current process -- just like the size limit > value in the blob:limit filter. So I think this function should complain if you don't have the blob or ref locally. (I envision that if a filter string is to be directly sent to a server, it should be stored as a string, not processed by this function first.)
