From patchwork Wed Jul 13 13:20:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12916717
Date: Wed, 13 Jul 2022 13:20:48 +0000 Subject: [PATCH 1/3] Documentation: use allowlist and denylist To: git@vger.kernel.org Cc: gitster@pobox.com, johannes.schindelin@gmx.de, Derrick Stolee
From: Derrick Stolee Using "allowlist" and "denylist" is a more precise definition of the functionality they provide. The previous color-based words assume cultural interpretation to provide the meaning. Focus on replacements in the Documentation/ directory since these are not functional uses. Signed-off-by: Derrick Stolee --- Documentation/git-cvsserver.txt | 2 +- Documentation/git-daemon.txt | 10 +++++----- Documentation/git.txt | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index 4dc57ed2547..40ea1f3af8e 100644
--- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -313,7 +313,7 @@ circumstances, allowing easier restricted usage through git-shell. GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path. -GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The +GIT_CVSSERVER_ROOT specifies a single-directory allowlist. The repository must still be configured to allow access through git-cvsserver, as described above. diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index fdc28c041c7..ff74a90aead 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -33,7 +33,7 @@ It verifies that the directory has the magic file "git-daemon-export-ok", and it will refuse to export any Git directory that hasn't explicitly been marked for export this way (unless the `--export-all` parameter is specified). If you pass some directory paths as 'git daemon' arguments, you can further restrict -the offers to a whitelist comprising of those. +the offers to a allowlist comprising of those. By default, only `upload-pack` service is enabled, which serves 'git fetch-pack' and 'git ls-remote' clients, which are invoked @@ -50,7 +50,7 @@ OPTIONS Match paths exactly (i.e. don't allow "/foo/repo" when the real path is "/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths. 'git daemon' will refuse to start when this option is enabled and no - whitelist is specified. + allowlist is specified. --base-path=:: Remap all the path requests as relative to the given path. @@ -73,7 +73,7 @@ OPTIONS %IP for the server's IP address, %P for the port number, and %D for the absolute path of the named repository. After interpolation, the path is validated against the directory - whitelist. + allowlist. --export-all:: Allow pulling from all directories that look like Git repositories 
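Review bot: "a allowlist" on the `+` line of the `@@ -33,7 +33,7 @@` hunk in Documentation/git-daemon.txt needs its article changed along with the noun: "the offers to a allowlist comprising of those." should read "an allowlist". The substitution looks mechanical, so every added line where the old word followed "a" wants the same check. While this sentence is being touched, "comprising of those" could become "consisting of those".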
@@ -218,7 +218,7 @@ standard output to be sent to the requestor as an error message when it declines the service. :: - A directory to add to the whitelist of allowed directories. Unless + A directory to add to the allowlist of allowed directories. Unless --strict-paths is specified this will also include subdirectories of each named directory. @@ -264,7 +264,7 @@ git 9418/tcp # Git Version Control System 'git daemon' as inetd server:: To set up 'git daemon' as an inetd service that handles any - repository under the whitelisted set of directories, /pub/foo + repository under the allowlisted set of directories, /pub/foo and /pub/bar, place an entry like the following into /etc/inetd all on one line: + diff --git a/Documentation/git.txt b/Documentation/git.txt index 302607a4967..384718ee677 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt 
@@ -887,7 +887,7 @@ for full details. protocols has `protocol..allow` set to `always` (overriding any existing configuration). In other words, any protocol not mentioned will be disallowed (i.e., this is a - whitelist, not a blacklist). See the description of + allowlist, not a denylist). See the description of `protocol.allow` in linkgit:git-config[1] for more details. `GIT_PROTOCOL_FROM_USER`::
From patchwork Wed Jul 13 13:20:49 2022 X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12916718
Message-Id: <0d82c2a09c5e6a8e63b5294d738f51fc5b82af42.1657718450.git.gitgitgadget@gmail.com> Date: Wed, 13 Jul 2022 13:20:49 +0000 Subject: [PATCH 2/3] t/*: use allowlist To: git@vger.kernel.org Cc: gitster@pobox.com, johannes.schindelin@gmx.de, Derrick Stolee
From: Derrick Stolee Using "allowlist" is a more precise definition of the functionality provided. The previous color-based word assumes cultural interpretation to provide the meaning. Focus on changes in the test scripts, since most of the changes are in comments and test names. The one exception is the renamed test_allowlist helper. Signed-off-by: Derrick Stolee --- t/README | 4 ++-- t/lib-proto-disable.sh | 6 +++--- t/t5812-proto-disable-http.sh | 2 +- t/t5815-submodule-protos.sh | 4 ++-- t/t9400-git-cvsserver-server.sh | 2 +- t/test-lib-functions.sh | 2 +- t/test-lib.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/t/README b/t/README index 309a31133c6..0c388a952f9 100644 --- a/t/README +++ b/t/README @@ -367,8 +367,8 @@ GIT_TEST_SPLIT_INDEX= forces split-index mode on the whole test suite. Accept any boolean values that are accepted by git-config. GIT_TEST_PASSING_SANITIZE_LEAK= when compiled with -SANITIZE=leak will run only those tests that have whitelisted -themselves as passing with no memory leaks. Tests can be whitelisted +SANITIZE=leak will run only those tests that have allowlisted +themselves as passing with no memory leaks. Tests can be allowlisted by setting "TEST_PASSES_SANITIZE_LEAK=true" before sourcing "test-lib.sh" itself at the top of the test script. This test mode is used by the "linux-leaks" CI target. diff --git a/t/lib-proto-disable.sh b/t/lib-proto-disable.sh index 83babe57d95..6f2de57ef29 100644 --- a/t/lib-proto-disable.sh +++ b/t/lib-proto-disable.sh @@ -1,7 +1,7 @@ # Test routines for checking protocol disabling. -# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist -test_whitelist () { +# Test clone/fetch/push with GIT_ALLOW_PROTOCOL allowlist +test_allowlist () { desc=$1 proto=$2 url=$3 @@ -183,7 +183,7 @@ test_config () { # $2 - machine-readable name of the protocol # $3 - the URL to try cloning test_proto () { - test_whitelist "$@" + test_allowlist "$@" test_config "$@" } 
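Review bot: The rename of `test_whitelist ()` to `test_allowlist ()` in t/lib-proto-disable.sh is the one functional change in this patch, and the only call site it updates is the one inside `test_proto ()` in the `@@ -183,7 +183,7 @@` hunk. Please confirm that no script sourcing lib-proto-disable.sh calls `test_whitelist` directly; a leftover caller would no longer run the GIT_ALLOW_PROTOCOL checks the helper defines. Stating in the commit message that a search of t/ for the old name comes back empty would settle it.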
diff --git a/t/t5812-proto-disable-http.sh b/t/t5812-proto-disable-http.sh index af8772fadaa..d6f9cd67588 100755 --- a/t/t5812-proto-disable-http.sh +++ b/t/t5812-proto-disable-http.sh @@ -16,7 +16,7 @@ test_expect_success 'create git-accessible repo' ' test_proto "smart http" http "$HTTPD_URL/smart/repo.git" -test_expect_success 'curl redirects respect whitelist' ' +test_expect_success 'curl redirects respect allowlist' ' test_must_fail env GIT_ALLOW_PROTOCOL=http:https \ GIT_SMART_HTTP=0 \ git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr && diff --git a/t/t5815-submodule-protos.sh b/t/t5815-submodule-protos.sh index 06f55a1b8a0..eecc401831f 100755 --- a/t/t5815-submodule-protos.sh +++ b/t/t5815-submodule-protos.sh @@ -1,6 +1,6 @@ #!/bin/sh -test_description='test protocol whitelisting with submodules' +test_description='test protocol allowlisting with submodules' . ./test-lib.sh . "$TEST_DIRECTORY"/lib-proto-disable.sh @@ -36,7 +36,7 @@ test_expect_success 'update of ext not allowed' ' test_must_fail git -C dst submodule update ext-module ' -test_expect_success 'user can override whitelist' ' +test_expect_success 'user can override allowlist' ' GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module ' diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 210ddf09e30..03962d598f5 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -221,7 +221,7 @@ test_expect_success 'req_Root (export-all)' \ 'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 && sed -ne \$p log | grep "^I LOVE YOU\$"' -test_expect_success 'req_Root failure (export-all w/o whitelist)' \ +test_expect_success 'req_Root failure (export-all w/o allowlist)' \ '! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)' test_expect_success 'req_Root (everything together)' \ diff --git a/t/test-lib-functions.sh b/t/test-lib-functions.sh index 6da7273f1d5..5351bbd83b9 100644 
--- a/t/test-lib-functions.sh +++ b/t/test-lib-functions.sh @@ -651,7 +651,7 @@ test_set_prereq () { # test_unset_prereq() !*) ;; - # (Temporary?) whitelist of things we can't easily + # (Temporary?) allowlist of things we can't easily # pretend not to support SYMLINKS) ;; diff --git a/t/test-lib.sh b/t/test-lib.sh index 55857af601b..6f5fccccb75 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh 
@@ -1408,7 +1408,7 @@ then test_done fi -# skip non-whitelisted tests when compiled with SANITIZE=leak +# skip non-allowlisted tests when compiled with SANITIZE=leak if test -n "$SANITIZE_LEAK" then if test_bool_env GIT_TEST_PASSING_SANITIZE_LEAK false
From patchwork Wed Jul 13 13:20:50 2022 X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12916719
Message-Id: <8aaceedb7a8f9d95550ef4a2d147c837ede6acec.1657718450.git.gitgitgadget@gmail.com> Date: Wed, 13 Jul 2022 13:20:50 +0000 Subject: [PATCH 3/3] *: use allowlist and denylist To: git@vger.kernel.org Cc: gitster@pobox.com, johannes.schindelin@gmx.de, Derrick Stolee
From: Derrick Stolee Using "allowlist" and "denylist" is a more precise definition of the functionality they provide. The previous color-based words assume cultural interpretation to provide the meaning. These changes to the Git codebase are mostly cosmetic. Several comments are updated. The renamed protocol_allowlist() method is local to transport.c so does not update any header file API definition. There are some untranslated error messages that are reworded, so this _might_ affect error parsers. However, two of the three error messages are around option parsing, so they are "fast failures". The one perhaps meaningful change is the logerror() in daemon.c. After this change, the only remaining uses of the previous words are in release notes for older versions of Git. Signed-off-by: Derrick Stolee --- daemon.c | 8 ++++---- git-cvsserver.perl | 2 +- sha1dc/sha1.c | 12 ++++++------ transport.c | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/daemon.c b/daemon.c index 58f1077885c..ed7c53b1110 100644 --- a/daemon.c +++ b/daemon.c @@ -279,7 +279,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi) /* The validation is done on the paths after enter_repo * appends optional {.git,.git/.git} and friends, but * it does not use getcwd(). So if your /pub is - * a symlink to /mnt/pub, you can whitelist /pub and + * a symlink to /mnt/pub, you can allowlist /pub and * do not have to say /mnt/pub. * Do not say /pub/. */ @@ -298,7 +298,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi) return path; } - logerror("'%s': not in whitelist", path); + logerror("'%s': not in allowlist", path); return NULL; /* Fallthrough. Deny by default */ } 
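Review bot: The reworded `logerror("'%s': not in allowlist", path)` at the end of path_ok(), in the `@@ -298,7 +298,7 @@` hunk of daemon.c, changes the line git-daemon logs when it refuses a requested path, which the commit message itself singles out as the one perhaps meaningful change. Any log alert or filter that matches on the old text will stop matching without reporting an error, so operators lose visibility into denied requests until their patterns are updated. Consider splitting this string change into its own commit and calling it out in the release notes, so it can be found separately from the comment-only edits.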
@@ -403,7 +403,7 @@ static int run_service(const char *dir, struct daemon_service *service, * a "git-daemon-export-ok" flag that says that the other side * is ok with us doing this. * - * path_ok() uses enter_repo() and does whitelist checking. + * path_ok() uses enter_repo() and does allowlist checking. * We only need to make sure the repository is exported. */ @@ -1444,7 +1444,7 @@ int cmd_main(int argc, const char **argv) cred = prepare_credentials(user_name, group_name); if (strict_paths && (!ok_paths || !*ok_paths)) - die("option --strict-paths requires a whitelist"); + die("option --strict-paths requires a allowlist"); if (base_path && !is_directory(base_path)) die("base-path '%s' does not exist or is not a directory", diff --git a/git-cvsserver.perl b/git-cvsserver.perl index 4c8118010a8..7d13b0a5ac1 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -152,7 +152,7 @@ $state->{allowed_roots} = [ @ARGV ]; # don't export the whole system unless the users requests it if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { - die "--export-all can only be used together with an explicit whitelist\n"; + die "--export-all can only be used together with an explicit allowlist\n"; } # Environment handling for running under git-shell diff --git a/sha1dc/sha1.c b/sha1dc/sha1.c index dede2cbddf9..b4a5f23c1ec 100644 --- a/sha1dc/sha1.c +++ b/sha1dc/sha1.c 
@@ -86,30 +86,30 @@ defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \ defined(__sparc)) /* - * Should define Big Endian for a whitelist of known processors. See + * Should define Big Endian for a allowlist of known processors. See * https://sourceforge.net/p/predef/wiki/Endianness/ and * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html */ #define SHA1DC_BIGENDIAN -/* Not under GCC-alike or glibc or *BSD or newlib or */ +/* Not under GCC-alike or glibc or *BSD or newlib or */ #elif (defined(_AIX) || defined(__hpux)) /* - * Defines Big Endian on a whitelist of OSs that are known to be Big + * Defines Big Endian on a allowlist of OSs that are known to be Big * Endian-only. See * https://lore.kernel.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/ */ #define SHA1DC_BIGENDIAN -/* Not under GCC-alike or glibc or *BSD or newlib or or */ +/* Not under GCC-alike or glibc or *BSD or newlib or or */ #elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR) /* * As a last resort before we do anything else we're not 100% sure - * about below, we blacklist specific processors here. We could add + * about below, we denylist specific processors here. We could add * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo */ -#else /* Not under GCC-alike or glibc or *BSD or newlib or or or */ +#else /* Not under GCC-alike or glibc or *BSD or newlib or or or */ /* We do nothing more here for now */ /*#error "Uncomment this to see if you fall through all the detection"*/ diff --git a/transport.c b/transport.c index 52db7a3cb09..321bbe382cc 100644 --- a/transport.c +++ b/transport.c @@ -940,7 +940,7 @@ static int external_specification_len(const char *url) return strchr(url, ':') - url; } -static const struct string_list *protocol_whitelist(void) +static const struct string_list *protocol_allowlist(void) { static int enabled = -1; static struct string_list allowed = STRING_LIST_INIT_DUP; 
@@ -1020,9 +1020,9 @@ static enum protocol_allow_config get_protocol_config(const char *type) int is_transport_allowed(const char *type, int from_user) { - const struct string_list *whitelist = protocol_whitelist(); - if (whitelist) - return string_list_has_string(whitelist, type); + const struct string_list *allowlist = protocol_allowlist(); + if (allowlist) + return string_list_has_string(allowlist, type); switch (get_protocol_config(type)) { case PROTOCOL_ALLOW_ALWAYS:
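Review bot: The new die() message in cmd_main(), in the `@@ -1444,7 +1444,7 @@` hunk of daemon.c, reads "option --strict-paths requires a allowlist"; since this is user-visible output it should be "an allowlist". The same leftover article appears on two `+` comment lines in the sha1dc/sha1.c hunk ("for a allowlist of known processors" and "on a allowlist of OSs"). The rest of the series words it correctly where no article precedes the noun, so a search of the added lines for "a allowlist" should catch all of them.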