X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FSolverGit.pm;h=f881e16e41c89cfdd74515401ad2b164394dde22;hb=a7c58d0ce022671c9170401054a1131b9ec15bfa;hp=06b4cdc40c220d6d849f9c05ef3b439cf0708471;hpb=021b862ac94f1c226f0778a336d4f3d566b86f9b;p=public-inbox.git diff --git a/lib/PublicInbox/SolverGit.pm b/lib/PublicInbox/SolverGit.pm index 06b4cdc4..f881e16e 100644 --- a/lib/PublicInbox/SolverGit.pm +++ b/lib/PublicInbox/SolverGit.pm @@ -1,4 +1,4 @@ -# Copyright (C) 2019 all contributors +# Copyright (C) 2019-2020 all contributors # License: AGPL-3.0+ # "Solve" blobs which don't exist in git code repositories by @@ -34,6 +34,12 @@ my $OID_MIN = 7; # work fairly. Other PSGI servers may have trouble, though. my $MAX_PATCH = 9999; +my $LF = qr!\r?\n!; +my $ANY = qr![^\r\n]+!; +my $MODE = '100644|120000|100755'; +my $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!; +my %BAD_COMPONENT = ('' => 1, '.' => 1, '..' => 1); + # di = diff info / a hashref with information about a diff ($di): # { # oid_a => abbreviated pre-image oid, @@ -110,10 +116,6 @@ sub extract_diff ($$) { $s =~ s/\r\n/\n/sg; } - state $LF = qr!\r?\n!; - state $ANY = qr![^\r\n]+!; - state $MODE = '100644|120000|100755'; - state $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!; $s =~ m!( # $1 start header lines we save for debugging: @@ -174,8 +176,7 @@ sub extract_diff ($$) { # get rid of path-traversal attempts and junk patches: # it's junk at best, an attack attempt at worse: - state $bad_component = { map { $_ => 1 } ('', '.', '..') }; - foreach (@a, @b) { return if $bad_component->{$_} } + foreach (@a, @b) { return if $BAD_COMPONENT{$_} } $di->{path_a} = join('/', @a) if @a; $di->{path_b} = join('/', @b); @@ -530,7 +531,8 @@ sub resolve_patch ($$) { if (my $existing = solve_existing($self, $want)) { my ($found_git, undef, $type, undef) = @$existing; dbg($self, "found $cur_want in " . - join("\n", $found_git->pub_urls($self->{psgi_env}))); + join(" ||\n\t", + $found_git->pub_urls($self->{psgi_env}))); if ($cur_want eq $self->{oid_want} || $type ne 'blob') { eval { done($self, $existing) }; @@ -548,7 +550,7 @@ sub resolve_patch ($$) { unshift @{$self->{patches}}, @$diffs; dbg($self, "found $cur_want in ". - join("\n\t", map { di_url($self, $_) } @$diffs)); + join(" ||\n\t", map { di_url($self, $_) } @$diffs)); # good, we can find a path to the oid we $want, now # lets see if we need to apply more patches: