diff options
author | Christian Couder <christian.couder@gmail.com> | 2019-05-29 14:44:32 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2019-05-29 11:05:34 -0700 |
commit | e693237e2ba27b6129e8af7f6a794f5c2fbd26f3 (patch) | |
tree | 2317223e6228a03a1b0b9fd4ecf5dc51a5eb5fbb /Documentation/rev-list-options.txt | |
parent | aa25c82427ae70aebf3b8f970f2afd54e9a2a8c6 (diff) | |
download | git-e693237e2ba27b6129e8af7f6a794f5c2fbd26f3.tar.gz |
list-objects-filter: disable 'sparse:path' filters
If someone wants to use as a filter a sparse file that is in the
repository, something like "--filter=sparse:oid=<ref>:<path>"
already works.
So 'sparse:path' is only interesting if the sparse file is not in
the repository. In this case though the current implementation has
a big security issue, as it makes it possible to ask the server to
read any file, like for example /etc/password, and to explore the
filesystem, as well as individual lines of files.
If someone is interested in using a sparse file that is not in the
repository as a filter, then at the minimum a config option, such
as "uploadpack.sparsePathFilter", should be implemented first to
restrict the directory from which the files specified by
'sparse:path' can be read.
For now though, let's just disable 'sparse:path' filters.
Helped-by: Matthew DeVore <matvore@google.com>
Helped-by: Jeff Hostetler <git@jeffhostetler.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/rev-list-options.txt')
-rw-r--r-- | Documentation/rev-list-options.txt | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/Documentation/rev-list-options.txt b/Documentation/rev-list-options.txt index ddbc1de43f..71a1fcc093 100644 --- a/Documentation/rev-list-options.txt +++ b/Documentation/rev-list-options.txt @@ -725,9 +725,6 @@ specification contained in the blob (or blob-expression) '<blob-ish>' to omit blobs that would not be not required for a sparse checkout on the requested refs. + -The form '--filter=sparse:path=<path>' similarly uses a sparse-checkout -specification contained in <path>. -+ The form '--filter=tree:<depth>' omits all blobs and trees whose depth from the root tree is >= <depth> (minimum depth if an object is located at multiple depths in the commits traversed). <depth>=0 will not include @@ -737,6 +734,10 @@ tree and blobs which are referenced directly by a commit reachable from <commit> or an explicitly-given object. <depth>=2 is like <depth>=1 while also including trees and blobs one more level removed from an explicitly-given commit or tree. ++ +Note that the form '--filter=sparse:path=<path>' that wants to read +from an arbitrary path on the filesystem has been dropped for security +reasons. --no-filter:: Turn off any previous `--filter=` argument. |