-# Copyright (C) 2019 all contributors <meta@public-inbox.org>
+# Copyright (C) 2019-2020 all contributors <meta@public-inbox.org>
# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
# "Solve" blobs which don't exist in git code repositories by
# searching inboxes for post-image blobs.
# this emits a lot of debugging/tracing information which may be
-# publically viewed over HTTP(S). Be careful not to expose
+# publicly viewed over HTTP(S). Be careful not to expose
# local filesystem layouts in the process.
package PublicInbox::SolverGit;
use strict;
use warnings;
use 5.010_001;
-use File::Temp 0.19 ();
+use File::Temp 0.19 (); # 0.19 for ->newdir
use Fcntl qw(SEEK_SET);
use PublicInbox::Git qw(git_unquote git_quote);
use PublicInbox::MsgIter qw(msg_iter msg_part_text);
# work fairly. Other PSGI servers may have trouble, though.
my $MAX_PATCH = 9999;
+my $LF = qr!\r?\n!;
+my $ANY = qr![^\r\n]+!;
+my $MODE = '100644|120000|100755';
+my $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
+my %BAD_COMPONENT = ('' => 1, '.' => 1, '..' => 1);
+
# di = diff info / a hashref with information about a diff ($di):
# {
# oid_a => abbreviated pre-image oid,
$s =~ s/\r\n/\n/sg;
}
- state $LF = qr!\r?\n!;
- state $ANY = qr![^\r\n]+!;
- state $MODE = '100644|120000|100755';
- state $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
$s =~ m!( # $1 start header lines we save for debugging:
# the meat of the diff, including "^\\No newline ..."
# We also allow for totally blank lines w/o leading spaces,
# because git-apply(1) handles that case, too
- (?:^(?:[\@\+\x20\-\\][^\r\n]*|)$LF)+
+ (?:^(?:[\@\+\x20\-\\][^\n]*|)$LF)+
)!smx or return;
my $di = {
my $patch = $9;
# don't care for leading 'a/' and 'b/'
- my (undef, @a) = split(m{/}, git_unquote($path_a));
+ my (undef, @a) = split(m{/}, git_unquote($path_a)) if defined($path_a);
my (undef, @b) = split(m{/}, git_unquote($path_b));
# get rid of path-traversal attempts and junk patches:
# it's junk at best, an attack attempt at worse:
- state $bad_component = { map { $_ => 1 } ('', '.', '..') };
- foreach (@a, @b) { return if $bad_component->{$_} }
+ foreach (@a, @b) { return if $BAD_COMPONENT{$_} }
- $di->{path_a} = join('/', @a);
+ $di->{path_a} = join('/', @a) if @a;
$di->{path_b} = join('/', @b);
my $path = ++$self->{tot};
my $diffs = [];
foreach my $smsg (@$msgs) {
$ibx->smsg_mime($smsg) or next;
- my $mime = delete $smsg->{mime};
- msg_iter($mime, \&extract_diff,
- [$self, $diffs, $pre, $post, $ibx, $smsg]);
+ msg_iter(delete $smsg->{mime}, \&extract_diff,
+ [$self, $diffs, $pre, $post, $ibx, $smsg], 1);
}
@$diffs ? $diffs : undef;
}
if (my $existing = solve_existing($self, $want)) {
my ($found_git, undef, $type, undef) = @$existing;
dbg($self, "found $cur_want in " .
- join("\n", $found_git->pub_urls($self->{psgi_env})));
+ join(" ||\n\t",
+ $found_git->pub_urls($self->{psgi_env})));
if ($cur_want eq $self->{oid_want} || $type ne 'blob') {
eval { done($self, $existing) };
unshift @{$self->{patches}}, @$diffs;
dbg($self, "found $cur_want in ".
- join("\n\t", map { di_url($self, $_) } @$diffs));
+ join(" ||\n\t", map { di_url($self, $_) } @$diffs));
# good, we can find a path to the oid we $want, now
# lets see if we need to apply more patches: