From f20163ef7d050adf416f5951c102d8835e1b0dd5 Mon Sep 17 00:00:00 2001 From: Johannes Schlatow Date: Tue, 29 Nov 2011 22:35:03 +0100 Subject: [PATCH 1/4] Bug - Fixed bug that marked config variables {push,pull,merge}.*.uri as "unrecognized". --- src/commands/CmdShow.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/commands/CmdShow.cpp b/src/commands/CmdShow.cpp index ee66461e3..c783ae9b1 100644 --- a/src/commands/CmdShow.cpp +++ b/src/commands/CmdShow.cpp @@ -226,6 +226,9 @@ int CmdShow::execute (std::string& output) i->substr (0, 7) != "report." && i->substr (0, 6) != "alias." && i->substr (0, 5) != "hook." && + i->substr (0, 5) != "push." && + i->substr (0, 5) != "pull." && + i->substr (0, 6) != "merge." && i->substr (0, 21) != "urgency.user.project." && i->substr (0, 17) != "urgency.user.tag.") { From edad4d2ee60c6b4a5f822112d3b9a0cc7d0424be Mon Sep 17 00:00:00 2001 From: Johannes Schlatow Date: Tue, 29 Nov 2011 22:38:33 +0100 Subject: [PATCH 2/4] Feature #881 - Passwords in URIs will now be obscured (affects the commands show, merge, pull and push) --- src/Uri.cpp | 14 ++++++++++---- src/commands/CmdShow.cpp | 14 +++++++++++++- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/Uri.cpp b/src/Uri.cpp index a0ddd27fc..c74fee390 100644 --- a/src/Uri.cpp +++ b/src/Uri.cpp @@ -199,12 +199,18 @@ std::string Uri::ToString () return _data; std::string result; - // strip password from _user - std::string::size_type pos = _user.find (":"); result = _protocol + "://"; - if (_user.length () > 0) - result += _user.substr (0, pos) + "@"; + if (_user.length () > 0) { + // obscure password in _user + std::string::size_type pos = _user.find (":"); + if (pos != std::string::npos) { + std::string::size_type len = _user.length () - pos - 1; + result += _user.replace (pos+1, len, len, '*') + "@"; + } + else + result += _user + "@"; + } result += _host; diff --git a/src/commands/CmdShow.cpp b/src/commands/CmdShow.cpp index c783ae9b1..27cc2ebad 100644 --- a/src/commands/CmdShow.cpp +++ b/src/commands/CmdShow.cpp @@ -38,6 +38,7 @@ #include #include #include +#include extern Context context; @@ -276,9 +277,20 @@ int CmdShow::execute (std::string& output) else if (std::find (default_values.begin (), default_values.end (), *i) != default_values.end ()) color = warning; + std::string value = context.config.get (*i); + // hide sensible information + if ( (i->substr (0, 5) == "push." || + i->substr (0, 5) == "pull." || + i->substr (0, 6) == "merge.") && (i->find (".uri") != std::string::npos) ) { + + Uri uri (value); + uri.parse (); + value = uri.ToString (); + } + int row = view.addRow (); view.set (row, 0, *i, color); - view.set (row, 1, context.config.get (*i), color); + view.set (row, 1, value, color); } } From d8d2060b3953a2b52bc66847672458233afc162a Mon Sep 17 00:00:00 2001 From: Johannes Schlatow Date: Wed, 30 Nov 2011 00:12:20 +0100 Subject: [PATCH 3/4] Bug #871 - Fixed escaping of spaces for scp and curl --- src/Transport.cpp | 16 +++++++++++++++ src/TransportCurl.cpp | 18 +++++++++-------- src/TransportSSH.cpp | 9 +++++---- src/util.cpp | 47 +++++++++++++++++++++++++++++++++---------- src/util.h | 2 ++ 5 files changed, 69 insertions(+), 23 deletions(-) diff --git a/src/Transport.cpp b/src/Transport.cpp index 332dbad34..0ae152ffc 100644 --- a/src/Transport.cpp +++ b/src/Transport.cpp @@ -72,6 +72,22 @@ Transport* Transport::getTransport(const Uri& uri) //////////////////////////////////////////////////////////////////////////////// int Transport::execute() { + // quote arguments + std::vector::iterator it = _arguments.begin (); + for (; it != _arguments.end (); it++) + { + // quote until the first appearance of '{' + size_t pos = it->find('{'); + if (pos != 0) + { + // '{' is not the first character + it->insert(0, "\""); + if (pos != std::string::npos) + it->insert(pos+1, "\""); + else + it->append("\""); + } + } return ::execute(_executable, _arguments); } diff --git a/src/TransportCurl.cpp b/src/TransportCurl.cpp index f9a34d1e3..8a75e063d 100644 --- a/src/TransportCurl.cpp +++ b/src/TransportCurl.cpp @@ -63,12 +63,12 @@ void TransportCurl::send(const std::string& source) throw format (STRING_TRANSPORT_URI_NODIR, _uri._path); _arguments.push_back ("-T"); - _arguments.push_back ("\"" + source + "\""); + _arguments.push_back ("\"" + escape (source, ' ') + "\""); } else { _arguments.push_back ("-T"); - _arguments.push_back (source); + _arguments.push_back (escape (source, ' ')); } // cmd line is: curl -T source protocol://host:port/path @@ -103,6 +103,7 @@ void TransportCurl::recv(std::string target) _arguments.push_back(_uri._user); } + std::vector targetargs; if (is_filelist(_uri._path)) { @@ -124,15 +125,16 @@ void TransportCurl::recv(std::string target) suffix = toSplit.substr (pos+1); split (splitted, toSplit.substr(0, pos), ','); - target = ""; - std::vector ::iterator file; - for (file = splitted.begin (); file != splitted.end (); ++file) - target += " -o " + prefix + *file + suffix; + for (file = splitted.begin (); file != splitted.end (); ++file) { + targetargs.push_back ("-o"); + targetargs.push_back (prefix + *file + suffix); + } } else { - target = "-o " + target; + targetargs.push_back ("-o"); + targetargs.push_back (target); } // cmd line is: curl protocol://host:port/path/to/source/file -o path/to/target/file @@ -145,7 +147,7 @@ void TransportCurl::recv(std::string target) _arguments.push_back (_uri._protocol + "://" + _uri._host + "/" + _uri._path); } - _arguments.push_back (target); + _arguments.insert (_arguments.end (), targetargs.begin (), targetargs.end ()); int result = execute(); if (result) diff --git a/src/TransportSSH.cpp b/src/TransportSSH.cpp index 239573be0..2806d3e0b 100644 --- a/src/TransportSSH.cpp +++ b/src/TransportSSH.cpp @@ -31,6 +31,7 @@ #include #include #include +#include //////////////////////////////////////////////////////////////////////////////// TransportSSH::TransportSSH(const Uri& uri) : Transport(uri) @@ -60,11 +61,11 @@ void TransportSSH::send(const std::string& source) if (_uri._user != "") { - _arguments.push_back (_uri._user + "@" + _uri._host + ":" + _uri._path); + _arguments.push_back (_uri._user + "@" + _uri._host + ":" + escape (_uri._path, ' ')); } else { - _arguments.push_back (_uri._host + ":" + _uri._path); + _arguments.push_back (_uri._host + ":" + escape (_uri._path, ' ')); } if (execute()) @@ -91,11 +92,11 @@ void TransportSSH::recv(std::string target) if (_uri._user != "") { - _arguments.push_back (_uri._user + "@" + _uri._host + ":" + _uri._path); + _arguments.push_back (_uri._user + "@" + _uri._host + ":" + escape (_uri._path, ' ')); } else { - _arguments.push_back (_uri._host + ":" + _uri._path); + _arguments.push_back (_uri._host + ":" + escape (_uri._path, ' ')); } _arguments.push_back (target); diff --git a/src/util.cpp b/src/util.cpp index 9b0015cf4..1d097316f 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -405,22 +405,26 @@ int execute(const std::string& executable, std::vector arguments) if (executable == "") return -1; + // create command line before forking because the parent process also needs this for + // calling context.debug() + char shell[] = "bash"; + char opt[] = "-c"; + + std::string cmdline = executable; + + std::vector ::iterator it; + for (it = arguments.begin(); it != arguments.end(); ++it) + { + cmdline += " " + (std::string)*it; + } + + context.debug ("Executing: " + std::string(shell) + " " + std::string(opt) + " " + cmdline); + pid_t child_pid = fork(); if (child_pid == 0) { // this is done by the child process - char shell[] = "bash"; - char opt[] = "-c"; - - std::string cmdline = executable; - - std::vector ::iterator it; - for (it = arguments.begin(); it != arguments.end(); ++it) - { - cmdline += " " + (std::string)*it; - } - char** argv = new char*[4]; argv[0] = shell; // bash argv[1] = opt; // -c @@ -534,6 +538,27 @@ const std::string decode (const std::string& value) return modified; } +//////////////////////////////////////////////////////////////////////////////// +// Escapes any unescaped character of type c within the given string +// e.g. ' ' -> '\ ' +const std::string escape (const std::string& value, char c) +{ + std::string modified = value; + char tmp[2] = {c, '\0'}; + std::string search = tmp; + std::string replace = "\\" + search; + + std::string::size_type pos = modified.find (search); + while (pos != std::string::npos) { + if ( modified[pos-1] != '\\' ) + modified.replace (pos, 1, replace); + + pos = modified.find (search, pos+1); + } + + return modified; +} + //////////////////////////////////////////////////////////////////////////////// diff --git a/src/util.h b/src/util.h index 63a020979..397aebec9 100644 --- a/src/util.h +++ b/src/util.h @@ -80,5 +80,7 @@ unsigned burndown_size (unsigned ntasks); const std::string encode (const std::string&); const std::string decode (const std::string&); +const std::string escape (const std::string&, char); + #endif //////////////////////////////////////////////////////////////////////////////// From 38aef0d8b42f71d7f9eef971256a9a28ed07a6bb Mon Sep 17 00:00:00 2001 From: Johannes Schlatow Date: Wed, 30 Nov 2011 00:15:08 +0100 Subject: [PATCH 4/4] Bug - Fixed that 'ssh://host/~/path' was wrongly translated into scp syntax; it must be 'host:~/path' instead of 'host:/~/path' --- src/Uri.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Uri.cpp b/src/Uri.cpp index c74fee390..0bc02ca78 100644 --- a/src/Uri.cpp +++ b/src/Uri.cpp @@ -294,7 +294,7 @@ void Uri::parse () } // path is absolute for ssh:// syntax - if ( (_protocol == "ssh") && (pathDelimiter == "/") ) + if ( (_protocol == "ssh") && (pathDelimiter == "/") && (_path[0] != '~') ) { _path = "/" + _path; }