"Derrick Stolee via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes:
> +static int fetch_bundle_list_in_config_format(struct repository *r,
> + struct bundle_list *global_list,
> + struct remote_bundle_info *bundle,
> + int depth)
> +{
> + int result;
> + struct bundle_list list_from_bundle;
> +
> + init_bundle_list(&list_from_bundle);
> +
> + if ((result = bundle_uri_parse_config_format(bundle->uri,
> + bundle->file,
> + &list_from_bundle)))
> + goto cleanup;
It makes us a bit nervous to apply the config parser directly on
data controlled by a third-party. bundle_uri_parse_config_format()
hopefully is careful enough to avoid including other local files and
call generic callbacks to affect the actual configuration used by
the process.
It seems bundle_list_update() discards everything it does not (care
to) understand, and safe to call from config_to_bundle_list(), which
in turn is called from here.
OK.
