mbox series

[RFC,v6,0/2] credential-store: prevent fatal errors

Message ID 20200429203546.56753-1-carenas@gmail.com (mailing list archive)
Headers show
Series credential-store: prevent fatal errors | expand

Message

Carlo Marcelo Arenas Belón April 29, 2020, 8:35 p.m. UTC 
with the added checks for invalid URLs in credentials, any locally
modified store files which might have empty lines or even comments
were reported[1] as failing to parse as valid credentials.

document better the format for the credential file and make sure
any failures are still handled gently by the new code to avoid
regressions but make sure that any invalid credentials are flagged
as such instead of being silently ignored.

ideally would like to add a test against the use of cert:// to make
sure that is still well supported but don't know of any use case or
if it is being used with store (AFAIK, it could and at least in theory
it should still work fine with the added validations), hence sending
this as an RFC.

also, there is no real reason to have 2 patches but I am keeping them
separated because the first one should be AFAIK otherwise almost ready.

but considering that we are validating since v4 against a missing
protocol and printing a warning since v5, it seems we should then
fully avoid all those silently ignored issues as well (as shown in
patch 2) which I hope we could squash and release together (if agreed)

[1] https://stackoverflow.com/a/61420852/5005936

Carlo Marcelo Arenas Belón (2):
  credential-store: warn instead of fatal for bogus lines from store
  credential-store: warn for any incomplete credentials instead of using

---
v6:
* get rid of redacter and only use line number for context
* make validation more strict to also catch incomplete credentials
v5:
* q_to_tab this round, with a single echo to make sure empty line
  is covered, as that seems to be a popular issue
* rebase on top of jc/credential-store-file-format-doc
* implement a redacter for credentials to use on errors to avoid
  leaking passwordss
v4:
* use credential_from_url_gently instead as shown by Jonathan
* add documentation to clarify "comments" is not a supported feature
v3:
* avoid using q_to_cr as suggested by Peff
* a more verbose commit message and slightly more complete documentation
v2:
* use a here-doc for clarity as suggested by Eric
* improve commit message and include documentation

 Documentation/git-credential-store.txt | 12 +++-
 credential-store.c                     | 23 +++++---
 t/t0302-credential-store.sh            | 80 ++++++++++++++++++++++++++
 3 files changed, 105 insertions(+), 10 deletions(-)


base-commit: 272281efcc18fcedd248597b8859f343cae1c5a0