From: Emily Shaffer <emilyshaffer@google.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Derrick Stolee <stolee@gmail.com>, git@vger.kernel.org
Subject: Re: [PATCH] bugreport: add tool to generate debugging info
Date: Thu, 15 Aug 2019 15:52:31 -0700 [thread overview]
Message-ID: <20190815225231.GD208753@google.com> (raw)
In-Reply-To: <xmqqy2zu4hrq.fsf@gitster-ct.c.googlers.com>
On Thu, Aug 15, 2019 at 07:36:57AM -0700, Junio C Hamano wrote:
> Derrick Stolee <stolee@gmail.com> writes:
>
> > Config options to consider stripping out:
> >
> > *url*
> > *pass* (anything "password" but also "sendmail.smtppass")
>
> Blacklisting? I wonder if users feel safer if these are limited to
> known-benign ones.
I think a whitelist of config options to print would grow stale
immediately, and the options we're missing would be very likely to be
configs to turn on new experimental features - which is probably what we
most want the bugreport for.
>
> >> + echo "[Configured Hooks]"
> >> + find "$GIT_DIR/hooks/" -type f | grep -v "\.sample$" | print_filenames_and_content
> >> + echo
> >
> > Remove the sample hooks, but focus on the others. Will this look like garbage if a hook
> > is a binary file?
>
> This makes me feel very nervous. $GIT_DIR/hooks/ are private and
> people can hardcode credentials in them; $GIT_DIR/hooks/pre-foo may
> be written toread from $GIT_DIR/hooks/mypassword with the knowledge
> that there won't be any "mypassword" hook.
Hmm. I think the list of valid hooks isn't one that changes often, but
it's also not enumerated in some machine-parseable way - it exists in
Documentation/githooks.txt but that's all. I'd still be a little worried
about bitrot... I think it's probably better to list the filenames in
$GIT_DIR/hooks but not print their contents. I'll modify it.
- Emily
next prev parent reply other threads:[~2019-08-15 22:52 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-15 2:34 [PATCH] bugreport: add tool to generate debugging info Emily Shaffer
2019-08-15 14:15 ` Derrick Stolee
2019-08-15 14:36 ` Junio C Hamano
2019-08-15 22:52 ` Emily Shaffer [this message]
2019-08-15 23:40 ` Junio C Hamano
2019-08-16 1:25 ` Emily Shaffer
2019-08-16 16:41 ` Junio C Hamano
2019-08-16 19:08 ` Emily Shaffer
2019-08-15 20:07 ` Johannes Schindelin
2019-08-15 22:24 ` Emily Shaffer
2019-08-16 20:19 ` Johannes Schindelin
2019-08-15 20:13 ` Emily Shaffer
2019-08-15 18:10 ` Junio C Hamano
2019-08-15 21:52 ` Emily Shaffer
2019-08-15 22:29 ` Junio C Hamano
2019-08-15 22:54 ` Emily Shaffer
2019-08-17 0:39 ` [PATCH v2 0/2] add git-bugreport tool Emily Shaffer
2019-08-17 0:39 ` [PATCH v2 1/2] bugreport: add tool to generate debugging info Emily Shaffer
2019-08-17 0:39 ` [PATCH v2 2/2] bugreport: generate config whitelist based on docs Emily Shaffer
2019-08-17 20:38 ` Martin Ågren
2019-08-21 17:40 ` Emily Shaffer
2019-10-25 2:51 ` [PATCH v3 0/9] add git-bugreport tool Emily Shaffer
2019-10-25 2:51 ` [PATCH v3 1/9] bugreport: add tool to generate debugging info Emily Shaffer
2019-10-29 20:29 ` Josh Steadmon
2019-11-16 3:11 ` Junio C Hamano
2019-11-19 20:25 ` Emily Shaffer
2019-11-19 23:24 ` Johannes Schindelin
2019-11-20 0:37 ` Junio C Hamano
2019-11-20 10:51 ` Johannes Schindelin
2019-11-19 23:31 ` Johannes Schindelin
2019-11-20 0:39 ` Junio C Hamano
2019-11-20 2:09 ` Emily Shaffer
2019-11-20 0:32 ` Junio C Hamano
2019-10-25 2:51 ` [PATCH v3 2/9] bugreport: generate config whitelist based on docs Emily Shaffer
2019-10-28 13:27 ` Johannes Schindelin
2019-10-25 2:51 ` [PATCH v3 3/9] bugreport: add version and system information Emily Shaffer
2019-10-28 13:49 ` Johannes Schindelin
2019-11-08 21:48 ` Emily Shaffer
2019-11-11 13:48 ` Johannes Schindelin
2019-11-14 21:42 ` Emily Shaffer
2019-10-29 20:43 ` Josh Steadmon
2019-10-25 2:51 ` [PATCH v3 4/9] bugreport: add config values from whitelist Emily Shaffer
2019-10-28 14:14 ` Johannes Schindelin
2019-12-11 20:48 ` Emily Shaffer
2019-12-15 17:30 ` Johannes Schindelin
2019-10-29 20:58 ` Josh Steadmon
2019-10-30 1:37 ` Junio C Hamano
2019-11-14 21:55 ` Emily Shaffer
2019-10-25 2:51 ` [PATCH v3 5/9] bugreport: collect list of populated hooks Emily Shaffer
2019-10-28 14:31 ` Johannes Schindelin
2019-12-11 20:51 ` Emily Shaffer
2019-12-15 17:40 ` Johannes Schindelin
2019-10-25 2:51 ` [PATCH v3 6/9] bugreport: count loose objects Emily Shaffer
2019-10-28 15:07 ` Johannes Schindelin
2019-12-10 22:34 ` Emily Shaffer
2019-10-29 21:18 ` Josh Steadmon
2019-10-25 2:51 ` [PATCH v3 7/9] bugreport: add packed object summary Emily Shaffer
2019-10-28 15:43 ` Johannes Schindelin
2019-12-11 0:29 ` Emily Shaffer
2019-12-11 13:37 ` Johannes Schindelin
2019-12-11 20:52 ` Emily Shaffer
2019-10-25 2:51 ` [PATCH v3 8/9] bugreport: list contents of $OBJDIR/info Emily Shaffer
2019-10-28 15:51 ` Johannes Schindelin
2019-10-25 2:51 ` [PATCH v3 9/9] bugreport: print contents of alternates file Emily Shaffer
2019-10-28 15:57 ` Johannes Schindelin
2019-11-19 20:40 ` Emily Shaffer
2019-10-29 1:54 ` [PATCH v3 0/9] add git-bugreport tool Junio C Hamano
2019-10-29 11:13 ` Johannes Schindelin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190815225231.GD208753@google.com \
--to=emilyshaffer@google.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=stolee@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.