From patchwork Wed Jun 24 01:28:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Emily Shaffer X-Patchwork-Id: 11622179 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 96A101392 for ; Wed, 24 Jun 2020 01:28:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 798B92100A for ; Wed, 24 Jun 2020 01:28:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fzlQTfDz" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388329AbgFXB2m (ORCPT ); Tue, 23 Jun 2020 21:28:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43474 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387842AbgFXB2l (ORCPT ); Tue, 23 Jun 2020 21:28:41 -0400 Received: from mail-qk1-x749.google.com (mail-qk1-x749.google.com [IPv6:2607:f8b0:4864:20::749]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA53CC061573 for ; Tue, 23 Jun 2020 18:28:39 -0700 (PDT) Received: by mail-qk1-x749.google.com with SMTP id a6so491280qka.9 for ; Tue, 23 Jun 2020 18:28:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc:content-transfer-encoding; bh=cbbZ03JAed4KSzxAWI1X2NwX3CIOsNSegF7JwVFCaO8=; b=fzlQTfDz7u9AuhKCNkOmtUe/JANV+4w3iaLOa2g5qHlHKWgzNA4DXAQOXmm+AlDqWu HUmf+ZmPHTigRX4D3+VmF96HNAEqYNUw/nPX0PKkbq8od9Y/eqwzvMCMDN6wFTof7Al5 pq3jdKI1L7dR8WTBtTuOcfPE2cBDXmkIaF9gDzYiIqEr8PFZIcxYqrsW1gIt7vOANVig Ohf/+eXR339Sm217Vd/ezIKQoMTnx2U6hB3btZv8IV0YuhUc1ajNnEUq2UqLmoaawmAR EHwuyeSSwInq7hWUYEj/iTc75dOPWnhuaNGiXQ5qhOCwcF/05nMY4CyoSZAW3AMjfNKS IvDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc:content-transfer-encoding; bh=cbbZ03JAed4KSzxAWI1X2NwX3CIOsNSegF7JwVFCaO8=; b=gej9DNRB4+XAEuzanQMw+jVDh8sdQiGM63kFkYr+Kt3JlMbB2BWqfJz+DblVMXF5mM 5WEZS2Su6o95NrZM267/vVzf178lYugrr0bd6PNk0BmM2gU0qjfWXzPCbsIUoAfCJvN+ DgQuCUC0s4kgjxFRbgA98aKy0roARcNtb5XOICMfRuvWOFTwEBXPmVADP9tx873n/oUP lTHen/Od6snW5uDOL3PtDmNl4Fv4PW+YYW3d48q0H49s49refKkyEXe/iCdhAU6Zp2Jq e+sIvD8CGoGiwAy+vSg2ZIrf3WbDAe2sYXvXDtUG43/CWgTdpYcd6CjDfnLlCOjgO5eZ 4HiQ== X-Gm-Message-State: AOAM531zFicZZ/01QS88j28tP3/gywLv72f2IkJVbS0NUmnvwZzwKcUT ISA7R24rYS91xUIOynw+PJ+RpudbuTgF9DOie4gns4luI9mTprDHFofF1yWzWQ80zE/pF5B0eRK G3oXIhn7VafGy44CIqTqmT5H2r13vP36BgSPS4hulOFAXaB09qGVa1ZhNCD7we5mlTY1ak47IGw == X-Google-Smtp-Source: ABdhPJxsLfy/TuRpbOZapdk0UCHNrvs1NFU0tKcAMCRRtKg+7sONYOaCOegZNa4LMaYIzDVQYnW00JQ2U+XRAer2vC8= X-Received: by 2002:ad4:4a6e:: with SMTP id cn14mr27998479qvb.79.1592962118999; Tue, 23 Jun 2020 18:28:38 -0700 (PDT) Date: Tue, 23 Jun 2020 18:28:26 -0700 In-Reply-To: <20200624012827.34126-1-emilyshaffer@google.com> Message-Id: <20200624012827.34126-2-emilyshaffer@google.com> Mime-Version: 1.0 References: <20200624012827.34126-1-emilyshaffer@google.com> X-Mailer: git-send-email 2.27.0.111.gc72c7da667-goog Subject: [PATCH 1/2] bugreport: generate config safelist based on docs From: Emily Shaffer To: git@vger.kernel.org Cc: Emily Shaffer , " =?utf-8?q?Martin_=C3=85gren?= " , Johannes Schindelin Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Add a new step to the build to generate a safelist of git-config variables which are appropriate to include in the output of git-bugreport. New variables can be added to the safelist by annotating their documentation in Documentation/config with the "annotate" macro, which is a no-op in AsciiDoc and AsciiDoctor. Some configs are private in nature, and can contain remote URLs, passwords, or other sensitive information. In the event that a user doesn't notice their information while reviewing a bugreport, that user may leak their credentials to other individuals, mailing lists, or bug tracking tools inadvertently. Heuristic blocklisting of configuration keys is imperfect and prone to false negatives; given the nature of the information which can be leaked, a safelist is more reliable. However, it's possible that in some situations, an organization may be less concerned with privacy of things like remote URLs and branch names, and more concerned with ease of diagnosis for their support staff. In those cases, it may make more sense for that organization to modify the code to use a blocklist. To that end, we should try to mark configs which are definitely safe, and configs which are definitely unsafe, and leave blank configs which are somewhere in between. To mark a config as safe, add "annotate:bugreport[include]" to the corresponding line in the config documentation; to mark it as unsafe, add "annotate:bugreport[exclude]" instead. Generating bugreport-config-safelist.h at build time by grepping the documentation for this new macro helps us prevent staleness. The macro itself is a no-op and should not alter the appearance of the documentation in either AsciiDoc or AsciiDoctor, confirmable by running: cd Documentation ./doc-diff --asciidoctor HEAD^ HEAD ./doc-diff --asciidoc HEAD^ HEAD Diffing the rendered HTML shows that only inline comments were added, which shouldn't be a problem. Additionally, add annotations to the sendemail config documentation in order to demonstrate a proof of concept. Helped-by: Martin Ă…gren Helped-by: Johannes Schindelin Signed-off-by: Emily Shaffer --- .gitignore | 1 + Documentation/asciidoc.conf | 9 ++++ Documentation/asciidoctor-extensions.rb | 7 ++++ Documentation/config/sendemail.txt | 56 ++++++++++++------------- Makefile | 7 ++++ generate-bugreport-config-safelist.sh | 18 ++++++++ 6 files changed, 70 insertions(+), 28 deletions(-) create mode 100755 generate-bugreport-config-safelist.sh diff --git a/.gitignore b/.gitignore index ee509a2ad2..0177839ae8 100644 --- a/.gitignore +++ b/.gitignore @@ -191,6 +191,7 @@ /gitweb/static/gitweb.min.* /config-list.h /command-list.h +/bugreport-config-safelist.h *.tar.gz *.dsc *.deb diff --git a/Documentation/asciidoc.conf b/Documentation/asciidoc.conf index 3e4c13971b..fd225e30cc 100644 --- a/Documentation/asciidoc.conf +++ b/Documentation/asciidoc.conf @@ -6,9 +6,14 @@ # # Show Git link as: (
); if section is defined, else just show # the command. +# +# The annotate macro does nothing as far as rendering is +# concerned -- we just grep for it in the sources to populate +# things like the bugreport safelist. [macros] (?su)[\\]?(?Plinkgit):(?P\S*?)\[(?P.*?)\]= +(?su)[\\]?(?Pannotate):(?P\S*?)\[(?P.*?)\]= [attributes] asterisk=* @@ -28,6 +33,8 @@ ifdef::backend-docbook[] {0#} {0#{target}{0}} {0#} +[annotate-inlinemacro] +{0#} endif::backend-docbook[] ifdef::backend-docbook[] @@ -75,4 +82,6 @@ ifdef::backend-xhtml11[] git-relative-html-prefix= [linkgit-inlinemacro] {target}{0?({0})} +[annotate-inlinemacro] + endif::backend-xhtml11[] diff --git a/Documentation/asciidoctor-extensions.rb b/Documentation/asciidoctor-extensions.rb index d906a00803..03c80af0e5 100644 --- a/Documentation/asciidoctor-extensions.rb +++ b/Documentation/asciidoctor-extensions.rb @@ -39,10 +39,17 @@ module Git output end end + + class AnnotateProcessor < Asciidoctor::Extensions::InlineMacroProcessor + def process(parent, target, attrs) + "" + end + end end end Asciidoctor::Extensions.register do inline_macro Git::Documentation::LinkGitProcessor, :linkgit postprocessor Git::Documentation::DocumentPostProcessor + inline_macro Git::Documentation::AnnotateProcessor, :annotate end diff --git a/Documentation/config/sendemail.txt b/Documentation/config/sendemail.txt index 0006faf800..fe27473e44 100644 --- a/Documentation/config/sendemail.txt +++ b/Documentation/config/sendemail.txt @@ -4,7 +4,7 @@ sendemail.identity:: values in the 'sendemail' section. The default identity is the value of `sendemail.identity`. -sendemail.smtpEncryption:: +sendemail.smtpEncryption annotate:bugreport[include] :: See linkgit:git-send-email[1] for description. Note that this setting is not subject to the 'identity' mechanism. @@ -15,7 +15,7 @@ sendemail.smtpsslcertpath:: Path to ca-certificates (either a directory or a single file). Set it to an empty string to disable certificate verification. -sendemail..*:: +sendemail..* annotate:bugreport[exclude] :: Identity-specific versions of the 'sendemail.*' parameters found below, taking precedence over those when this identity is selected, through either the command-line or @@ -23,41 +23,41 @@ sendemail..*:: sendemail.aliasesFile:: sendemail.aliasFileType:: -sendemail.annotate:: -sendemail.bcc:: -sendemail.cc:: -sendemail.ccCmd:: -sendemail.chainReplyTo:: -sendemail.confirm:: -sendemail.envelopeSender:: -sendemail.from:: -sendemail.multiEdit:: -sendemail.signedoffbycc:: -sendemail.smtpPass:: -sendemail.suppresscc:: -sendemail.suppressFrom:: -sendemail.to:: -sendemail.tocmd:: -sendemail.smtpDomain:: -sendemail.smtpServer:: -sendemail.smtpServerPort:: -sendemail.smtpServerOption:: -sendemail.smtpUser:: -sendemail.thread:: -sendemail.transferEncoding:: -sendemail.validate:: -sendemail.xmailer:: +sendemail.annotate annotate:bugreport[include] :: +sendemail.bcc annotate:bugreport[include] :: +sendemail.cc annotate:bugreport[include] :: +sendemail.ccCmd annotate:bugreport[include] :: +sendemail.chainReplyTo annotate:bugreport[include] :: +sendemail.confirm annotate:bugreport[include] :: +sendemail.envelopeSender annotate:bugreport[include] :: +sendemail.from annotate:bugreport[include] :: +sendemail.multiEdit annotate:bugreport[include] :: +sendemail.signedoffbycc annotate:bugreport[include] :: +sendemail.smtpPass annotate:bugreport[exclude] :: +sendemail.suppresscc annotate:bugreport[include] :: +sendemail.suppressFrom annotate:bugreport[include] :: +sendemail.to annotate:bugreport[include] :: +sendemail.tocmd annotate:bugreport[include] :: +sendemail.smtpDomain annotate:bugreport[include] :: +sendemail.smtpServer annotate:bugreport[include] :: +sendemail.smtpServerPort annotate:bugreport[include] :: +sendemail.smtpServerOption annotate:bugreport[include] :: +sendemail.smtpUser annotate:bugreport[exclude] :: +sendemail.thread annotate:bugreport[include] :: +sendemail.transferEncoding annotate:bugreport[include] :: +sendemail.validate annotate:bugreport[include] :: +sendemail.xmailer annotate:bugreport[include] :: See linkgit:git-send-email[1] for description. sendemail.signedoffcc (deprecated):: Deprecated alias for `sendemail.signedoffbycc`. -sendemail.smtpBatchSize:: +sendemail.smtpBatchSize annotate:bugreport[include] :: Number of messages to be sent per connection, after that a relogin will happen. If the value is 0 or undefined, send all messages in one connection. See also the `--batch-size` option of linkgit:git-send-email[1]. -sendemail.smtpReloginDelay:: +sendemail.smtpReloginDelay annotate:bugreport[include] :: Seconds wait before reconnecting to smtp server. See also the `--relogin-delay` option of linkgit:git-send-email[1]. diff --git a/Makefile b/Makefile index 372139f1f2..11d4029003 100644 --- a/Makefile +++ b/Makefile @@ -810,6 +810,7 @@ VCSSVN_LIB = vcs-svn/lib.a GENERATED_H += config-list.h GENERATED_H += command-list.h +GENERATED_H += bugreport-config-safelist.h LIB_H := $(sort $(patsubst ./%,%,$(shell git ls-files '*.h' ':!t/' ':!Documentation/' 2>/dev/null || \ $(FIND) . \ @@ -2164,6 +2165,12 @@ command-list.h: $(wildcard Documentation/git*.txt) Documentation/*config.txt Doc $(patsubst %,--exclude-program %,$(EXCLUDED_PROGRAMS)) \ command-list.txt >$@+ && mv $@+ $@ +bugreport-config-safelist.h: generate-bugreport-config-safelist.sh + +bugreport-config-safelist.h: Documentation/config/*.txt + $(QUIET_GEN)$(SHELL_PATH) ./generate-bugreport-config-safelist.sh \ + >$@+ && mv $@+ $@ + SCRIPT_DEFINES = $(SHELL_PATH_SQ):$(DIFF_SQ):$(GIT_VERSION):\ $(localedir_SQ):$(NO_CURL):$(USE_GETTEXT_SCHEME):$(SANE_TOOL_PATH_SQ):\ $(gitwebdir_SQ):$(PERL_PATH_SQ):$(SANE_TEXT_GREP):$(PAGER_ENV):\ diff --git a/generate-bugreport-config-safelist.sh b/generate-bugreport-config-safelist.sh new file mode 100755 index 0000000000..5bf1f4ad82 --- /dev/null +++ b/generate-bugreport-config-safelist.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +cat <<"EOF" +/* Automatically generated by bugreport-generate-config-safelist.sh */ + + +static const char *bugreport_config_safelist[] = { +EOF + +# cat all regular files in Documentation/config +find Documentation/config -type f -exec cat {} \; | +# print the command name which matches the annotate-bugreport macro +sed -n 's/^\([^ ]*\) *annotate:bugreport\[include\].* ::$/ "\1",/p' | + sort + +cat <<"EOF" +}; +EOF From patchwork Wed Jun 24 01:28:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emily Shaffer X-Patchwork-Id: 11622181 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C3D26C1 for ; Wed, 24 Jun 2020 01:28:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2434C214F1 for ; Wed, 24 Jun 2020 01:28:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="m+xSDzZ5" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388418AbgFXB2o (ORCPT ); Tue, 23 Jun 2020 21:28:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387842AbgFXB2n (ORCPT ); Tue, 23 Jun 2020 21:28:43 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B008C061755 for ; Tue, 23 Jun 2020 18:28:41 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id a188so592291ybg.20 for ; Tue, 23 Jun 2020 18:28:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=Lo26tiHO+9f9HPf5ytUKuhgqaHnhgouLFXzAm4wNgkI=; b=m+xSDzZ5n9lHhT8zR0a46ehCLv2d3ojO9WJ8am6M/WrIhWznI88N+UVXH5X/7/5vFX 6sJHZho4JxLf4mMZcbyQv3eqyDCnoN9kDxdfltpLTEe/GV/OqIVqgftAWcQmxmQmqILb 9D58CeyX+FpxajSn8ryoe1mnmfyKerG0I27CtuUz1GHdYlUPS9K8OduQ+sXlKY6GEQzV QS5pmD4cbaGRyHBQ1gYvo2qQZ+9yGJ+ajmxnfJ5Z/OEVlJ+v4y3ECvnVEf6SAJ1AsT9g BDkUggiQ5dLFFdLPzVG8C2W1F2PUCAS4RcPHshltsuvmhnKearFEsVpTv3Kf5iZHAHaj zhOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=Lo26tiHO+9f9HPf5ytUKuhgqaHnhgouLFXzAm4wNgkI=; b=gVdNn9pst3/KGC/IL7KyS0IrNVIObdLS3VMiRNTyIoYg5ICt502LDUjUEKDiakjct4 YhPUG8u1QQ3Bdmjcrlg6Qn2isANFh6aBUKmQH4wJHMU4Hhsoqb2NiSTM3WfRWeIyWfVJ 5Gh6LQJihBaj4O+XGhT29XkxAVPZPJqI7I3/hrZsz0O/fzykaOM5zj/BoggIXlGNVRez vsHzNvlvvG2ioetzKvs8szZzZmrgePhqWHVGchgT8OnkFZ2D9lxcrqL6Nb0WUOlOe7t6 HKDZ1r7a0BV3KSU+QizyT6+w8FG9H2ROa/X4KaW86SvTkA9kIJ9yS9IRFRa3Kvc2YYed FK6Q== X-Gm-Message-State: AOAM533wBOZaiyd7HKMvOW75+FFNthDIJbGuBr5n79YSYCasLFxvTdP1 ZQXjUwE4RcEVCQ4EOlpnbciv5gsM8xgxWFjdP5jNjMzUMQe6fHxBdFY9hF6BMl1ajsGrs1euQyi i7SEXpxmUKS8Zq25RlZLBfjq1yoSmfOyYrl9GpWBNit29SdCaq/MG+EgviRVqYSoTkD1hMeg+zQ == X-Google-Smtp-Source: ABdhPJwGg1wI4uFsS2AhfISovYW8RatAMKxBzISlB/GEP+w9NX6utjHI4jQSpE8k8VqEPnywh1yeTwOVSbm5FOLIHXY= X-Received: by 2002:a25:7744:: with SMTP id s65mr39142084ybc.400.1592962120664; Tue, 23 Jun 2020 18:28:40 -0700 (PDT) Date: Tue, 23 Jun 2020 18:28:27 -0700 In-Reply-To: <20200624012827.34126-1-emilyshaffer@google.com> Message-Id: <20200624012827.34126-3-emilyshaffer@google.com> Mime-Version: 1.0 References: <20200624012827.34126-1-emilyshaffer@google.com> X-Mailer: git-send-email 2.27.0.111.gc72c7da667-goog Subject: [PATCH 2/2] bugreport: add config values from safelist From: Emily Shaffer To: git@vger.kernel.org Cc: Emily Shaffer Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Teach bugreport to gather the values of config options which are present in 'bugreport-config-safelist.h', and show their origin scope. Many config options are sensitive, and many Git add-ons use config options which git-core does not know about; it is better only to gather config options which we know to be safe, rather than excluding options which we know to be unsafe. Rather than including the path to someone's config, which can reveal filesystem layout and project names, just name the scope (e.g. system, global, local) of the config source. Signed-off-by: Emily Shaffer --- Documentation/git-bugreport.txt | 1 + Makefile | 2 ++ bugreport.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/Documentation/git-bugreport.txt b/Documentation/git-bugreport.txt index 66e88c2e31..827063d69b 100644 --- a/Documentation/git-bugreport.txt +++ b/Documentation/git-bugreport.txt @@ -30,6 +30,7 @@ The following information is captured automatically: - Compiler-specific info string - A list of enabled hooks - $SHELL + - Selected config values This tool is invoked via the typical Git setup process, which means that in some cases, it might not be able to launch - for example, if a relevant config file diff --git a/Makefile b/Makefile index 11d4029003..a88f918c77 100644 --- a/Makefile +++ b/Makefile @@ -2132,6 +2132,8 @@ git$X: git.o GIT-LDFLAGS $(BUILTIN_OBJS) $(GITLIBS) help.sp help.s help.o: command-list.h +bugreport.sp bugreport.s bugreport.o: bugreport-config-safelist.h + builtin/help.sp builtin/help.s builtin/help.o: config-list.h GIT-PREFIX builtin/help.sp builtin/help.s builtin/help.o: EXTRA_CPPFLAGS = \ '-DGIT_HTML_PATH="$(htmldir_relative_SQ)"' \ diff --git a/bugreport.c b/bugreport.c index 28f4568b01..f988939bba 100644 --- a/bugreport.c +++ b/bugreport.c @@ -4,6 +4,8 @@ #include "help.h" #include "compat/compiler.h" #include "run-command.h" +#include "config.h" +#include "bugreport-config-safelist.h" static void get_system_info(struct strbuf *sys_info) @@ -86,6 +88,29 @@ static void get_populated_hooks(struct strbuf *hook_info, int nongit) strbuf_addf(hook_info, "%s\n", hook[i]); } +static void get_safelisted_config(struct strbuf *config_info) +{ + size_t idx; + struct string_list_item *it = NULL; + struct key_value_info *kv_info = NULL; + + for (idx = 0; idx < ARRAY_SIZE(bugreport_config_safelist); idx++) { + const struct string_list *list = + git_config_get_value_multi(bugreport_config_safelist[idx]); + + if (!list) + continue; + + strbuf_addf(config_info, "%s:\n", bugreport_config_safelist[idx]); + for_each_string_list_item(it, list) { + kv_info = it->util; + strbuf_addf(config_info, " %s (%s)\n", it->string, + kv_info ? config_scope_name(kv_info->scope) + : _("source unknown")); + } + } +} + static const char * const bugreport_usage[] = { N_("git bugreport [-o|--output-directory ] [-s|--suffix ]"), NULL @@ -172,6 +197,9 @@ int cmd_main(int argc, const char **argv) get_header(&buffer, _("Enabled Hooks")); get_populated_hooks(&buffer, nongit_ok); + get_header(&buffer, _("Safelisted Config Info")); + get_safelisted_config(&buffer); + /* fopen doesn't offer us an O_EXCL alternative, except with glibc. */ report = open(report_path.buf, O_CREAT | O_EXCL | O_WRONLY, 0666);