On Thu, Aug 15, 2019 at 07:36:57AM -0700, Junio C Hamano wrote: > Derrick Stolee <stolee@xxxxxxxxx> writes: > > > Config options to consider stripping out: > > > > *url* > > *pass* (anything "password" but also "sendmail.smtppass") > > Blacklisting? I wonder if users feel safer if these are limited to > known-benign ones. I think a whitelist of config options to print would grow stale immediately, and the options we're missing would be very likely to be configs to turn on new experimental features - which is probably what we most want the bugreport for. > > >> + echo "[Configured Hooks]" > >> + find "$GIT_DIR/hooks/" -type f | grep -v "\.sample$" | print_filenames_and_content > >> + echo > > > > Remove the sample hooks, but focus on the others. Will this look like garbage if a hook > > is a binary file? > > This makes me feel very nervous. $GIT_DIR/hooks/ are private and > people can hardcode credentials in them; $GIT_DIR/hooks/pre-foo may > be written toread from $GIT_DIR/hooks/mypassword with the knowledge > that there won't be any "mypassword" hook. Hmm. I think the list of valid hooks isn't one that changes often, but it's also not enumerated in some machine-parseable way - it exists in Documentation/githooks.txt but that's all. I'd still be a little worried about bitrot... I think it's probably better to list the filenames in $GIT_DIR/hooks but not print their contents. I'll modify it. - Emily
