From 9b9aabe6ab5d07227c1c02781f03a3c38fbc27b0 Mon Sep 17 00:00:00 2001

From: Jeff King <peff@peff.net>

Date: Tue, 22 Sep 2015 18:03:49 -0400

Subject: [PATCH 3/5] transport: refactor protocol whitelist code

The current callers only want to die when their transport is

prohibited. But future callers want to query the mechanism

without dying.

Let's break out a few query functions, and also save the

results in a static list so we don't have to re-parse for

each query.

Based-on-a-patch-by: Blake Burkhart <bburky@bburky.com>

Signed-off-by: Jeff King <peff@peff.net>

Signed-off-by: Junio C Hamano <gitster@pobox.com>

---

 transport.c | 38 ++++++++++++++++++++++++++++++--------

 transport.h | 15 +++++++++++++--

 2 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/transport.c b/transport.c

index 733717d..2dbdca0 100644

--- a/transport.c

+++ b/transport.c

@@ -894,18 +894,40 @@ static int external_specification_len(const char *url)

 	return strchr(url, ':') - url;

 }

-void transport_check_allowed(const char *type)

+static const struct string_list *protocol_whitelist(void)

 {

-	struct string_list allowed = STRING_LIST_INIT_DUP;

-	const char *v = getenv("GIT_ALLOW_PROTOCOL");

+	static int enabled = -1;

+	static struct string_list allowed = STRING_LIST_INIT_DUP;

+

+	if (enabled < 0) {

+		const char *v = getenv("GIT_ALLOW_PROTOCOL");

+		if (v) {

+			string_list_split(&allowed, v, ':', -1);

+			sort_string_list(&allowed);

+			enabled = 1;

+		} else {

+			enabled = 0;

+		}

+	}

-	if (!v)

-		return;

+	return enabled ? &allowed : NULL;

+}

+

+int is_transport_allowed(const char *type)

+{

+	const struct string_list *allowed = protocol_whitelist();

+	return !allowed || string_list_has_string(allowed, type);

+}

-	string_list_split(&allowed, v, ':', -1);

-	if (!unsorted_string_list_has_string(&allowed, type))

+void transport_check_allowed(const char *type)

+{

+	if (!is_transport_allowed(type))

 		die("transport '%s' not allowed", type);

-	string_list_clear(&allowed, 0);

+}

+

+int transport_restrict_protocols(void)

+{

+	return !!protocol_whitelist();

 }

 struct transport *transport_get(struct remote *remote, const char *url)

diff --git a/transport.h b/transport.h

index 2beda7d..7707c27 100644

--- a/transport.h

+++ b/transport.h

@@ -114,12 +114,23 @@ struct transport {

 struct transport *transport_get(struct remote *, const char *);

 /*

+ * Check whether a transport is allowed by the environment. Type should

+ * generally be the URL scheme, as described in Documentation/git.txt

+ */

+int is_transport_allowed(const char *type);

+

+/*

  * Check whether a transport is allowed by the environment,

- * and die otherwise. type should generally be the URL scheme,

- * as described in Documentation/git.txt

+ * and die otherwise.

  */

 void transport_check_allowed(const char *type);

+/*

+ * Returns true if the user has attempted to turn on protocol

+ * restrictions at all.

+ */

+int transport_restrict_protocols(void);

+

 /* Transport options which apply to git:// and scp-style URLs */

 /* The program to use on the remote side to send a pack */

-- 

2.1.0