From patchwork Fri Jul 15 02:38:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12918676 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5BD5C43334 for ; Fri, 15 Jul 2022 02:38:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241297AbiGOCiu (ORCPT ); Thu, 14 Jul 2022 22:38:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44994 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241261AbiGOCis (ORCPT ); Thu, 14 Jul 2022 22:38:48 -0400 Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11FD913DD4 for ; Thu, 14 Jul 2022 19:38:47 -0700 (PDT) Received: by mail-wr1-x433.google.com with SMTP id f2so4908798wrr.6 for ; Thu, 14 Jul 2022 19:38:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:in-reply-to:references:from:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=4zvLDEf858k2Mb94pnld0ZfcIiiNE/Jwdbkemc1GiCw=; b=gkAzGkYZRci2HRWF4//dViil5ijezlj1Xb48v4nezIt++B9Bqv3Gz3Tu5Rd3DVGyWb 7BprZrPfL5bb+vTljh5V8U+hDpZado3H41YywcED0T7OtPm+KXdSSPfcfkMYi0hrKxRW we6Q+2k2GTcE8Es8NeIvELUaf06kveSMAgxMFAF4RDGe2TRNHVGss0hP99w00IKftJjv Q+4Qpd0r2QigjdeJJqvLQu1Vmdl1uPPTgg+Y//yGvT+SnEVR4Aa47evoW9W7DlPb4uOy stR8rzMdG5j9g8TpDJAYUxPtsH9uWgHH9jNdhcqtTzjhY91UnbA48vT6Gng+2ACkupF0 8tTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:in-reply-to:references:from:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=4zvLDEf858k2Mb94pnld0ZfcIiiNE/Jwdbkemc1GiCw=; b=OiKVPSsfW+23jZEnQFdRtndhe86CI71htRlcMhfNzzy4CqN6c3RKzY+uFLbAHYV5hK 3TL0djANhWekQt1MpZS/9G3aZxnk6XqZNBpquE6HYOfyxQAEz7FO9jMQZd4GMA+U5OTF kyYJ0sVbBxX/5ve3bUbB3sSw94lOXiXd4ptFBfFq0/2nfIPYTCZBHoxqGw0EvNbzpBDq KOTNWfkWNxhoReetyeMrPmV48/PWwCBjbzUiU3PmjtoqJ2pA0OM0mlmeuRqAqTR3a3y2 ExhXf2S+5Em6yA53pXFzeKuvgaqoeh8lnDkU+jcOveiT2G8jnrOEKHYIPIYhpSS7z0Ah evNA== X-Gm-Message-State: AJIora8rSQllY2Eq57Wdtfpw7sC/y4HWD0KA+sqaEqidZBuWfE3717Js 5iapDYGsR81oumfhiSJfviDZCoYUUIg= X-Google-Smtp-Source: AGRyM1thHTeeXI6Wi6KSH7brC5zRADZXq0OSqDGuEAn0FIFgV2r5THUevd4+4Mj2XoRlH0OhRVjGgA== X-Received: by 2002:a5d:64c7:0:b0:21d:a742:5e2c with SMTP id f7-20020a5d64c7000000b0021da7425e2cmr10851224wri.178.1657852725201; Thu, 14 Jul 2022 19:38:45 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id m24-20020a056000181800b0021d68e1fd42sm2645380wrh.89.2022.07.14.19.38.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Jul 2022 19:38:44 -0700 (PDT) Message-Id: <19632a2d2459114484dcdaddd4db0d22dfd64fa7.1657852722.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Fri, 15 Jul 2022 02:38:40 +0000 Subject: [PATCH v2 1/3] Documentation: remove use of whitelist Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, johannes.schindelin@gmx.de, Jeff King , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason , Derrick Stolee , Derrick Stolee Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Derrick Stolee From: Derrick Stolee The word "whitelist" has cultural implications that are not inclusive. Thankfully, it is not difficult to reword and avoid its use. Remove uses of "whitelist" in the Documentation/ directory. In all cases, we can rewrite the sentences to add clarity instead of relying on the reader understanding this term. The most substantial change is to git-daemon.txt which had several uses, but we can refer to the input directories as a list of included directories, making the descriptions slightly simpler. Helped-by: Jeff King Helped-by: Junio C Hamano Signed-off-by: Derrick Stolee --- Documentation/git-cvsserver.txt | 2 +- Documentation/git-daemon.txt | 15 +++++++-------- Documentation/git.txt | 3 +-- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index 4dc57ed2547..e90b03402a5 100644 --- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -313,7 +313,7 @@ circumstances, allowing easier restricted usage through git-shell. GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path. -GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The +GIT_CVSSERVER_ROOT specifies a single allowed directory. The repository must still be configured to allow access through git-cvsserver, as described above. diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index fdc28c041c7..7a0539cb411 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -32,8 +32,8 @@ that service if it is enabled. It verifies that the directory has the magic file "git-daemon-export-ok", and it will refuse to export any Git directory that hasn't explicitly been marked for export this way (unless the `--export-all` parameter is specified). If you -pass some directory paths as 'git daemon' arguments, you can further restrict -the offers to a whitelist comprising of those. +pass some directory paths as 'git daemon' arguments, the offers are limited to +repositories within those directories. By default, only `upload-pack` service is enabled, which serves 'git fetch-pack' and 'git ls-remote' clients, which are invoked @@ -50,7 +50,7 @@ OPTIONS Match paths exactly (i.e. don't allow "/foo/repo" when the real path is "/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths. 'git daemon' will refuse to start when this option is enabled and no - whitelist is specified. + specific directories are specified. --base-path=:: Remap all the path requests as relative to the given path. @@ -73,7 +73,7 @@ OPTIONS %IP for the server's IP address, %P for the port number, and %D for the absolute path of the named repository. After interpolation, the path is validated against the directory - whitelist. + list. --export-all:: Allow pulling from all directories that look like Git repositories @@ -218,7 +218,7 @@ standard output to be sent to the requestor as an error message when it declines the service. :: - A directory to add to the whitelist of allowed directories. Unless + A directory to add to the list of allowed directories. Unless --strict-paths is specified this will also include subdirectories of each named directory. @@ -264,9 +264,8 @@ git 9418/tcp # Git Version Control System 'git daemon' as inetd server:: To set up 'git daemon' as an inetd service that handles any - repository under the whitelisted set of directories, /pub/foo - and /pub/bar, place an entry like the following into - /etc/inetd all on one line: + repository in the directory list of `/pub/foo` and `/pub/bar`, + place an entry like the following into `/etc/inetd` all on one line: + ------------------------------------------------ git stream tcp nowait nobody /usr/bin/git diff --git a/Documentation/git.txt b/Documentation/git.txt index 302607a4967..dd5061563eb 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -886,8 +886,7 @@ for full details. `protocol.allow` is set to `never`, and each of the listed protocols has `protocol..allow` set to `always` (overriding any existing configuration). In other words, any - protocol not mentioned will be disallowed (i.e., this is a - whitelist, not a blacklist). See the description of + protocol not mentioned will be disallowed. See the description of `protocol.allow` in linkgit:git-config[1] for more details. `GIT_PROTOCOL_FROM_USER`:: From patchwork Fri Jul 15 02:38:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12918677 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C801BC43334 for ; Fri, 15 Jul 2022 02:38:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241299AbiGOCiy (ORCPT ); Thu, 14 Jul 2022 22:38:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241272AbiGOCit (ORCPT ); Thu, 14 Jul 2022 22:38:49 -0400 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A5F5186FB for ; Thu, 14 Jul 2022 19:38:48 -0700 (PDT) Received: by mail-wr1-x42a.google.com with SMTP id v14so4920944wra.5 for ; Thu, 14 Jul 2022 19:38:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:in-reply-to:references:from:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=512TSv1BhDBum5ZjAB6WdIvoruLPU2lnwxcXGckw5xo=; b=PwzMuHvNTjL0M3vATT0w00OYJVgscU9FcZnfMO9k1RVRBz/AECX7yioDcFOw/BGwKB vhqcUuAh10wx9jd54S0WlUka6z8UHEGJu3b0/y1BU7P6ZqzE5bSAt+5AF9RhojbGWiZD zwKgwr3Bn0JeK/KnwwYwDRMnDeKQb1NnnZBLvKw0gngJzyJ/w5w2OyR9sA7dB8ehQyCg OjxSQh8An/vJda2pnQzl5EfwmECbB2x7pVljEYVeSz28Mr1nLr0AHkP3Kvp/iuiID28y 8aY7A8XcuaeeSvwUHyQCcE+BMAAnBHp6d31NBrcD3cGLKoIgcTHjezIOgqdUOUYw9d9r l58w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:in-reply-to:references:from:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=512TSv1BhDBum5ZjAB6WdIvoruLPU2lnwxcXGckw5xo=; b=Azj//BRzHqT+nhdVWI8NuRv+HzC5Lp5+F13BGrhsjoWi1/zGn/AIAk/VbaweI3h2xF FJEg6r92Cub1TU1mCG/hl6elV2fjFiraQhzsX9v86HSdyo86akw8/aKygo71emCnYAqL MlhFNjeEsZco9Ha36ok0rXrZWznrvTwGw7wUkdz+Aa8PbGH3r7hgnsARdIGuTNYPuoPl 48r82Er61UhkmCMMv5AutfIuzlVOJueQf4sB1kUXYos/g1Sm+cjlj0Z8Kvp2MQPoHB5Y HvRU2GNyOZK3dKRToi73zho53MxcKRkvCM0gUQtxTB6JPDTywcxadnw/lascvkJd1uHq 6mRw== X-Gm-Message-State: AJIora9TJBL9IbVAJhxmr1zCtwM7kR0c5rnajih63gJySxIu8I5t/4Ws ZIP2zuR7KG4KOPYZ8xyB7Yfvs7XnWlY= X-Google-Smtp-Source: AGRyM1vloxXeWns8vkADaOQi06ueUgrZd+vXors2WoPr++Dtk0c87aF5wWyerrvGS0ZvVIsvA8VUlw== X-Received: by 2002:adf:e503:0:b0:21d:6d98:a92a with SMTP id j3-20020adfe503000000b0021d6d98a92amr10520566wrm.62.1657852726372; Thu, 14 Jul 2022 19:38:46 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id h8-20020adff4c8000000b0021d887f9468sm2683124wrp.25.2022.07.14.19.38.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Jul 2022 19:38:45 -0700 (PDT) Message-Id: <3c3c8c20bcb4e570d25a676ad1f29877762adb82.1657852722.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Fri, 15 Jul 2022 02:38:41 +0000 Subject: [PATCH v2 2/3] t/*: avoid "whitelist" Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, johannes.schindelin@gmx.de, Jeff King , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason , Derrick Stolee , Derrick Stolee Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Derrick Stolee From: Derrick Stolee The word "whitelist" has cultural implications that are not inclusive. Thankfully, it is not difficult to reword and avoid its use. Focus on changes in the test scripts, since most of the changes are in comments and test names. The renamed test_allow_var helper is only used once inside the widely-used test_proto helper. Signed-off-by: Derrick Stolee --- t/README | 9 ++++----- t/lib-proto-disable.sh | 6 +++--- t/t5812-proto-disable-http.sh | 2 +- t/t5815-submodule-protos.sh | 4 ++-- t/t9400-git-cvsserver-server.sh | 2 +- t/test-lib-functions.sh | 2 +- t/test-lib.sh | 2 +- 7 files changed, 13 insertions(+), 14 deletions(-) diff --git a/t/README b/t/README index 309a31133c6..56d5ebb5798 100644 --- a/t/README +++ b/t/README @@ -367,11 +367,10 @@ GIT_TEST_SPLIT_INDEX= forces split-index mode on the whole test suite. Accept any boolean values that are accepted by git-config. GIT_TEST_PASSING_SANITIZE_LEAK= when compiled with -SANITIZE=leak will run only those tests that have whitelisted -themselves as passing with no memory leaks. Tests can be whitelisted -by setting "TEST_PASSES_SANITIZE_LEAK=true" before sourcing -"test-lib.sh" itself at the top of the test script. This test mode is -used by the "linux-leaks" CI target. +SANITIZE=leak will run only those tests that have marked themselves as +passing with no memory leaks by setting "TEST_PASSES_SANITIZE_LEAK=true" +before sourcing "test-lib.sh" itself at the top of the test script. This +test mode is used by the "linux-leaks" CI target. GIT_TEST_PROTOCOL_VERSION=, when set, makes 'protocol.version' default to n. diff --git a/t/lib-proto-disable.sh b/t/lib-proto-disable.sh index 83babe57d95..890622be816 100644 --- a/t/lib-proto-disable.sh +++ b/t/lib-proto-disable.sh @@ -1,7 +1,7 @@ # Test routines for checking protocol disabling. -# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist -test_whitelist () { +# Test clone/fetch/push with GIT_ALLOW_PROTOCOL environment variable +test_allow_var () { desc=$1 proto=$2 url=$3 @@ -183,7 +183,7 @@ test_config () { # $2 - machine-readable name of the protocol # $3 - the URL to try cloning test_proto () { - test_whitelist "$@" + test_allow_var "$@" test_config "$@" } diff --git a/t/t5812-proto-disable-http.sh b/t/t5812-proto-disable-http.sh index af8772fadaa..bbeebee02f1 100755 --- a/t/t5812-proto-disable-http.sh +++ b/t/t5812-proto-disable-http.sh @@ -16,7 +16,7 @@ test_expect_success 'create git-accessible repo' ' test_proto "smart http" http "$HTTPD_URL/smart/repo.git" -test_expect_success 'curl redirects respect whitelist' ' +test_expect_success 'curl redirects respect allowed protocols' ' test_must_fail env GIT_ALLOW_PROTOCOL=http:https \ GIT_SMART_HTTP=0 \ git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr && diff --git a/t/t5815-submodule-protos.sh b/t/t5815-submodule-protos.sh index 06f55a1b8a0..990f034149d 100755 --- a/t/t5815-submodule-protos.sh +++ b/t/t5815-submodule-protos.sh @@ -1,6 +1,6 @@ #!/bin/sh -test_description='test protocol whitelisting with submodules' +test_description='test protocol restrictions with submodules' . ./test-lib.sh . "$TEST_DIRECTORY"/lib-proto-disable.sh @@ -36,7 +36,7 @@ test_expect_success 'update of ext not allowed' ' test_must_fail git -C dst submodule update ext-module ' -test_expect_success 'user can override whitelist' ' +test_expect_success 'user can override with environment variable' ' GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module ' diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 210ddf09e30..51b798cb493 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -221,7 +221,7 @@ test_expect_success 'req_Root (export-all)' \ 'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 && sed -ne \$p log | grep "^I LOVE YOU\$"' -test_expect_success 'req_Root failure (export-all w/o whitelist)' \ +test_expect_success 'req_Root failure (export-all w/o directory)' \ '! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)' test_expect_success 'req_Root (everything together)' \ diff --git a/t/test-lib-functions.sh b/t/test-lib-functions.sh index 6da7273f1d5..6fe62329d8b 100644 --- a/t/test-lib-functions.sh +++ b/t/test-lib-functions.sh @@ -651,7 +651,7 @@ test_set_prereq () { # test_unset_prereq() !*) ;; - # (Temporary?) whitelist of things we can't easily + # (Temporary?) list of things we can't easily # pretend not to support SYMLINKS) ;; diff --git a/t/test-lib.sh b/t/test-lib.sh index 55857af601b..fff85f4b425 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh @@ -1408,7 +1408,7 @@ then test_done fi -# skip non-whitelisted tests when compiled with SANITIZE=leak +# skip unmarked tests when compiled with SANITIZE=leak if test -n "$SANITIZE_LEAK" then if test_bool_env GIT_TEST_PASSING_SANITIZE_LEAK false From patchwork Fri Jul 15 02:38:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12918679 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65386C43334 for ; Fri, 15 Jul 2022 02:38:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241305AbiGOCi5 (ORCPT ); Thu, 14 Jul 2022 22:38:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241296AbiGOCiu (ORCPT ); Thu, 14 Jul 2022 22:38:50 -0400 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3FAD213DD4 for ; Thu, 14 Jul 2022 19:38:49 -0700 (PDT) Received: by mail-wm1-x331.google.com with SMTP id be14-20020a05600c1e8e00b003a04a458c54so2230053wmb.3 for ; Thu, 14 Jul 2022 19:38:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:in-reply-to:references:from:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=Hvfoc8unMaEmjzxkbxlLn6cq/ISSTIo+LgnkVDfLiHw=; b=N6RsoOBCN6KlTxehauttsbabfdl1jrcXk3A1asKl05plnVB6CUK09W3BHq8YJTDZsA D7q2A3nwaOXf8lxxHo3fV4taHbUf0ZTXohoELnKAcmXyjYeYG/x9ZwLRgXZIlGU0fSDq I5VfiLGWpyKgocScFjs9+1ci9+22bS5/il4xosUm6cII7T/mG501Wrq4QpAHbTAjaaJd 01OYUg/KeHDcoresaLq7B/349jhtKnWacarew1qIA78Fb7Zdmn4mStVQR+rO7O/X+vi4 vtmzuInuBiu19HmBR5IYsezkZxWtknbpo/Z9frn51yCiW3tv/H6qjkyaizbKbgvBtCiM lgcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:in-reply-to:references:from:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=Hvfoc8unMaEmjzxkbxlLn6cq/ISSTIo+LgnkVDfLiHw=; b=T0+wxhRSNTFHXjJOThmlXDOhlOBqiALWHqRy1QE5wSRry4N+umtdYsT3Dt8RJJS378 ChITiM92fIayA8Uzgrs4909395VnZpO6bBmrUL+UbXOnZBnfZYN3UgDedY99TyCkdpbp jNqLtQVoKi0XS6TLmhnl1zFO1AeiV44ctgEROFFWJBCCUMhyaS94fX0u8e7lr9Dk7VIj K2TgXfjfm7qXRzvcBXmSIz/NaGSwJc52R1nLtupTqWmmFoGjD5C8+v8o7VRnaJRR9Vlq lHmnTrhW2A+amGr6vWa44ff7nu7KZWDMBWNhEZ/Ug4gRNuEzD5zn6n9pljDaPBiZhaGy QoOg== X-Gm-Message-State: AJIora8u+OrLNP5KqJTTFhQ54nUHF6ldkA2irHyyaJ07ySQg9qbuzHY1 NvoIv9AdRSHL/DNE4kpSDYqm06pFa2A= X-Google-Smtp-Source: AGRyM1srppYfDo7E0Iev8b00QyxdbutWvBscqdOrlfSVMNotQ/hlnT9DSBCE3XbusSE1W12vwVQaPQ== X-Received: by 2002:a05:600c:2157:b0:3a2:fea7:4390 with SMTP id v23-20020a05600c215700b003a2fea74390mr9205986wml.117.1657852727382; Thu, 14 Jul 2022 19:38:47 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id v1-20020adfebc1000000b0021b98d73a4esm2743704wrn.114.2022.07.14.19.38.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Jul 2022 19:38:46 -0700 (PDT) Message-Id: <0d862cbbebe1a9f47f72255217faf734b1db4055.1657852722.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Fri, 15 Jul 2022 02:38:42 +0000 Subject: [PATCH v2 3/3] *: avoid "whitelist" Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, johannes.schindelin@gmx.de, Jeff King , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason , Derrick Stolee , Derrick Stolee Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Derrick Stolee From: Derrick Stolee The word "whitelist" has cultural implications that are not inclusive. Thankfully, it is not difficult to reword and avoid its use. A previous change already modified the documentation for git-cvsserver and git-daemon to refer to a directory list. It is simple to update the comments and error messages here to refer to that directory list. In the case of transport.c, the GIT_ALLOW_PROTOCOL environment variable was referred to as a "whitelist", but the word "allow" is already part of the variable. Replace "whitelist" with "allow_list" in these cases to demonstrate that we are processing a list of allowed protocols. After this change, the only remaining uses of "whitelist" and its companion "blacklist" are in release notes for older versions of Git and in the sha1dc project, which is maintained independently. Signed-off-by: Derrick Stolee --- daemon.c | 8 ++++---- git-cvsserver.perl | 2 +- transport.c | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/daemon.c b/daemon.c index 58f1077885c..e0706efc652 100644 --- a/daemon.c +++ b/daemon.c @@ -279,7 +279,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi) /* The validation is done on the paths after enter_repo * appends optional {.git,.git/.git} and friends, but * it does not use getcwd(). So if your /pub is - * a symlink to /mnt/pub, you can whitelist /pub and + * a symlink to /mnt/pub, you can include /pub and * do not have to say /mnt/pub. * Do not say /pub/. */ @@ -298,7 +298,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi) return path; } - logerror("'%s': not in whitelist", path); + logerror("'%s': not in directory list", path); return NULL; /* Fallthrough. Deny by default */ } @@ -403,7 +403,7 @@ static int run_service(const char *dir, struct daemon_service *service, * a "git-daemon-export-ok" flag that says that the other side * is ok with us doing this. * - * path_ok() uses enter_repo() and does whitelist checking. + * path_ok() uses enter_repo() and checks for included directories. * We only need to make sure the repository is exported. */ @@ -1444,7 +1444,7 @@ int cmd_main(int argc, const char **argv) cred = prepare_credentials(user_name, group_name); if (strict_paths && (!ok_paths || !*ok_paths)) - die("option --strict-paths requires a whitelist"); + die("option --strict-paths requires a directory list"); if (base_path && !is_directory(base_path)) die("base-path '%s' does not exist or is not a directory", diff --git a/git-cvsserver.perl b/git-cvsserver.perl index 4c8118010a8..ec64f06af7c 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -152,7 +152,7 @@ $state->{allowed_roots} = [ @ARGV ]; # don't export the whole system unless the users requests it if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { - die "--export-all can only be used together with an explicit whitelist\n"; + die "--export-all can only be used together with an explicit directory list\n"; } # Environment handling for running under git-shell diff --git a/transport.c b/transport.c index 52db7a3cb09..b51e991e443 100644 --- a/transport.c +++ b/transport.c @@ -940,7 +940,7 @@ static int external_specification_len(const char *url) return strchr(url, ':') - url; } -static const struct string_list *protocol_whitelist(void) +static const struct string_list *protocol_allow_list(void) { static int enabled = -1; static struct string_list allowed = STRING_LIST_INIT_DUP; @@ -1020,9 +1020,9 @@ static enum protocol_allow_config get_protocol_config(const char *type) int is_transport_allowed(const char *type, int from_user) { - const struct string_list *whitelist = protocol_whitelist(); - if (whitelist) - return string_list_has_string(whitelist, type); + const struct string_list *allow_list = protocol_allow_list(); + if (allow_list) + return string_list_has_string(allow_list, type); switch (get_protocol_config(type)) { case PROTOCOL_ALLOW_ALWAYS: