You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6bc3079c00
This PR follows #21535 (and replace #22592) ## Review without space diff https://github.com/go-gitea/gitea/pull/22678/files?diff=split&w=1 ## Purpose of this PR 1. Make git module command completely safe (risky user inputs won't be passed as argument option anymore) 2. Avoid low-level mistakes like https://github.com/go-gitea/gitea/pull/22098#discussion_r1045234918 3. Remove deprecated and dirty `CmdArgCheck` function, hide the `CmdArg` type 4. Simplify code when using git command ## The main idea of this PR * Move the `git.CmdArg` to the `internal` package, then no other package except `git` could use it. Then developers could never do `AddArguments(git.CmdArg(userInput))` any more. * Introduce `git.ToTrustedCmdArgs`, it's for user-provided and already trusted arguments. It's only used in a few cases, for example: use git arguments from config file, help unit test with some arguments. * Introduce `AddOptionValues` and `AddOptionFormat`, they make code more clear and simple: * Before: `AddArguments("-m").AddDynamicArguments(message)` * After: `AddOptionValues("-m", message)` * - * Before: `AddArguments(git.CmdArg(fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email)))` * After: `AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email)` ## FAQ ### Why these changes were not done in #21535 ? #21535 is mainly a search&replace, it did its best to not change too much logic. Making the framework better needs a lot of changes, so this separate PR is needed as the second step. ### The naming of `AddOptionXxx` According to git's manual, the `--xxx` part is called `option`. ### How can it guarantee that `internal.CmdArg` won't be not misused? Go's specification guarantees that. Trying to access other package's internal package causes compilation error. And, `golangci-lint` also denies the git/internal package. Only the `git/command.go` can use it carefully. ### There is still a `ToTrustedCmdArgs`, will it still allow developers to make mistakes and pass untrusted arguments? Generally speaking, no. Because when using `ToTrustedCmdArgs`, the code will be very complex (see the changes for examples). Then developers and reviewers can know that something might be unreasonable. ### Why there was a `CmdArgCheck` and why it's removed? At the moment of #21535, to reduce unnecessary changes, `CmdArgCheck` was introduced as a hacky patch. Now, almost all code could be written as `cmd := NewCommand(); cmd.AddXxx(...)`, then there is no need for `CmdArgCheck` anymore. ### Why many codes for `signArg == ""` is deleted? Because in the old code, `signArg` could never be empty string, it's either `-S[key-id]` or `--no-gpg-sign`. So the `signArg == ""` is just dead code. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
1 year ago | |
|---|---|---|
| .. | ||
| actions | 1 year ago | |
| activitypub | 2 years ago | |
| analyze | 2 years ago | |
| auth | 1 year ago | |
| avatar | 2 years ago | |
| base | 2 years ago | |
| cache | 2 years ago | |
| charset | 1 year ago | |
| container | 2 years ago | |
| context | 1 year ago | |
| csv | 2 years ago | |
| doctor | 1 year ago | |
| emoji | 1 year ago | |
| eventsource | 2 years ago | |
| generate | 2 years ago | |
| git | 1 year ago | |
| gitgraph | 1 year ago | |
| graceful | 2 years ago | |
| hcaptcha | 1 year ago | |
| highlight | 2 years ago | |
| hostmatcher | 2 years ago | |
| html | 2 years ago | |
| httpcache | 1 year ago | |
| httplib | 2 years ago | |
| indexer | 2 years ago | |
| issue/template | 1 year ago | |
| json | 2 years ago | |
| lfs | 2 years ago | |
| log | 1 year ago | |
| markup | 1 year ago | |
| mcaptcha | 2 years ago | |
| metrics | 2 years ago | |
| migration | 1 year ago | |
| mirror | 2 years ago | |
| nosql | 2 years ago | |
| notification | 1 year ago | |
| options | 2 years ago | |
| packages | 1 year ago | |
| paginator | 2 years ago | |
| password | 1 year ago | |
| pprof | 2 years ago | |
| private | 1 year ago | |
| process | 1 year ago | |
| proxy | 2 years ago | |
| proxyprotocol | 2 years ago | |
| public | 2 years ago | |
| queue | 2 years ago | |
| recaptcha | 2 years ago | |
| references | 1 year ago | |
| regexplru | 2 years ago | |
| repository | 1 year ago | |
| secret | 2 years ago | |
| session | 2 years ago | |
| setting | 1 year ago | |
| sitemap | 2 years ago | |
| ssh | 2 years ago | |
| storage | 1 year ago | |
| structs | 1 year ago | |
| svg | 2 years ago | |
| sync | 2 years ago | |
| system | 2 years ago | |
| templates | 1 year ago | |
| test | 2 years ago | |
| timeutil | 2 years ago | |
| translation | 2 years ago | |
| typesniffer | 2 years ago | |
| updatechecker | 2 years ago | |
| upload | 2 years ago | |
| uri | 2 years ago | |
| user | 2 years ago | |
| util | 1 year ago | |
| validation | 2 years ago | |
| watcher | 2 years ago | |
| web | 2 years ago | |
| webhook | 2 years ago | |