Fix potentially dangerous uses of mkpath and git_path
[git/jnareb-git.git] / attr.c
blob17f6a4dca521d9690377f2e93a0192d8a874d2ad
1 #include "cache.h"
2 #include "attr.h"
4 const char git_attr__true[] = "(builtin)true";
5 const char git_attr__false[] = "\0(builtin)false";
6 static const char git_attr__unknown[] = "(builtin)unknown";
7 #define ATTR__TRUE git_attr__true
8 #define ATTR__FALSE git_attr__false
9 #define ATTR__UNSET NULL
10 #define ATTR__UNKNOWN git_attr__unknown
13 * The basic design decision here is that we are not going to have
14 * insanely large number of attributes.
16 * This is a randomly chosen prime.
18 #define HASHSIZE 257
20 #ifndef DEBUG_ATTR
21 #define DEBUG_ATTR 0
22 #endif
24 struct git_attr {
25 struct git_attr *next;
26 unsigned h;
27 int attr_nr;
28 char name[FLEX_ARRAY];
30 static int attr_nr;
32 static struct git_attr_check *check_all_attr;
33 static struct git_attr *(git_attr_hash[HASHSIZE]);
35 static unsigned hash_name(const char *name, int namelen)
37 unsigned val = 0;
38 unsigned char c;
40 while (namelen--) {
41 c = *name++;
42 val = ((val << 7) | (val >> 22)) ^ c;
44 return val;
47 static int invalid_attr_name(const char *name, int namelen)
50 * Attribute name cannot begin with '-' and from
51 * [-A-Za-z0-9_.]. We'd specifically exclude '=' for now,
52 * as we might later want to allow non-binary value for
53 * attributes, e.g. "*.svg merge=special-merge-program-for-svg"
55 if (*name == '-')
56 return -1;
57 while (namelen--) {
58 char ch = *name++;
59 if (! (ch == '-' || ch == '.' || ch == '_' ||
60 ('0' <= ch && ch <= '9') ||
61 ('a' <= ch && ch <= 'z') ||
62 ('A' <= ch && ch <= 'Z')) )
63 return -1;
65 return 0;
68 struct git_attr *git_attr(const char *name, int len)
70 unsigned hval = hash_name(name, len);
71 unsigned pos = hval % HASHSIZE;
72 struct git_attr *a;
74 for (a = git_attr_hash[pos]; a; a = a->next) {
75 if (a->h == hval &&
76 !memcmp(a->name, name, len) && !a->name[len])
77 return a;
80 if (invalid_attr_name(name, len))
81 return NULL;
83 a = xmalloc(sizeof(*a) + len + 1);
84 memcpy(a->name, name, len);
85 a->name[len] = 0;
86 a->h = hval;
87 a->next = git_attr_hash[pos];
88 a->attr_nr = attr_nr++;
89 git_attr_hash[pos] = a;
91 check_all_attr = xrealloc(check_all_attr,
92 sizeof(*check_all_attr) * attr_nr);
93 check_all_attr[a->attr_nr].attr = a;
94 check_all_attr[a->attr_nr].value = ATTR__UNKNOWN;
95 return a;
99 * .gitattributes file is one line per record, each of which is
101 * (1) glob pattern.
102 * (2) whitespace
103 * (3) whitespace separated list of attribute names, each of which
104 * could be prefixed with '-' to mean "set to false", '!' to mean
105 * "unset".
108 /* What does a matched pattern decide? */
109 struct attr_state {
110 struct git_attr *attr;
111 const char *setto;
114 struct match_attr {
115 union {
116 char *pattern;
117 struct git_attr *attr;
118 } u;
119 char is_macro;
120 unsigned num_attr;
121 struct attr_state state[FLEX_ARRAY];
124 static const char blank[] = " \t\r\n";
126 static const char *parse_attr(const char *src, int lineno, const char *cp,
127 int *num_attr, struct match_attr *res)
129 const char *ep, *equals;
130 int len;
132 ep = cp + strcspn(cp, blank);
133 equals = strchr(cp, '=');
134 if (equals && ep < equals)
135 equals = NULL;
136 if (equals)
137 len = equals - cp;
138 else
139 len = ep - cp;
140 if (!res) {
141 if (*cp == '-' || *cp == '!') {
142 cp++;
143 len--;
145 if (invalid_attr_name(cp, len)) {
146 fprintf(stderr,
147 "%.*s is not a valid attribute name: %s:%d\n",
148 len, cp, src, lineno);
149 return NULL;
151 } else {
152 struct attr_state *e;
154 e = &(res->state[*num_attr]);
155 if (*cp == '-' || *cp == '!') {
156 e->setto = (*cp == '-') ? ATTR__FALSE : ATTR__UNSET;
157 cp++;
158 len--;
160 else if (!equals)
161 e->setto = ATTR__TRUE;
162 else {
163 e->setto = xmemdupz(equals + 1, ep - equals - 1);
165 e->attr = git_attr(cp, len);
167 (*num_attr)++;
168 return ep + strspn(ep, blank);
171 static struct match_attr *parse_attr_line(const char *line, const char *src,
172 int lineno, int macro_ok)
174 int namelen;
175 int num_attr;
176 const char *cp, *name;
177 struct match_attr *res = NULL;
178 int pass;
179 int is_macro;
181 cp = line + strspn(line, blank);
182 if (!*cp || *cp == '#')
183 return NULL;
184 name = cp;
185 namelen = strcspn(name, blank);
186 if (strlen(ATTRIBUTE_MACRO_PREFIX) < namelen &&
187 !prefixcmp(name, ATTRIBUTE_MACRO_PREFIX)) {
188 if (!macro_ok) {
189 fprintf(stderr, "%s not allowed: %s:%d\n",
190 name, src, lineno);
191 return NULL;
193 is_macro = 1;
194 name += strlen(ATTRIBUTE_MACRO_PREFIX);
195 name += strspn(name, blank);
196 namelen = strcspn(name, blank);
197 if (invalid_attr_name(name, namelen)) {
198 fprintf(stderr,
199 "%.*s is not a valid attribute name: %s:%d\n",
200 namelen, name, src, lineno);
201 return NULL;
204 else
205 is_macro = 0;
207 for (pass = 0; pass < 2; pass++) {
208 /* pass 0 counts and allocates, pass 1 fills */
209 num_attr = 0;
210 cp = name + namelen;
211 cp = cp + strspn(cp, blank);
212 while (*cp) {
213 cp = parse_attr(src, lineno, cp, &num_attr, res);
214 if (!cp)
215 return NULL;
217 if (pass)
218 break;
219 res = xcalloc(1,
220 sizeof(*res) +
221 sizeof(struct attr_state) * num_attr +
222 (is_macro ? 0 : namelen + 1));
223 if (is_macro)
224 res->u.attr = git_attr(name, namelen);
225 else {
226 res->u.pattern = (char*)&(res->state[num_attr]);
227 memcpy(res->u.pattern, name, namelen);
228 res->u.pattern[namelen] = 0;
230 res->is_macro = is_macro;
231 res->num_attr = num_attr;
233 return res;
237 * Like info/exclude and .gitignore, the attribute information can
238 * come from many places.
240 * (1) .gitattribute file of the same directory;
241 * (2) .gitattribute file of the parent directory if (1) does not have
242 * any match; this goes recursively upwards, just like .gitignore.
243 * (3) $GIT_DIR/info/attributes, which overrides both of the above.
245 * In the same file, later entries override the earlier match, so in the
246 * global list, we would have entries from info/attributes the earliest
247 * (reading the file from top to bottom), .gitattribute of the root
248 * directory (again, reading the file from top to bottom) down to the
249 * current directory, and then scan the list backwards to find the first match.
250 * This is exactly the same as what excluded() does in dir.c to deal with
251 * .gitignore
254 static struct attr_stack {
255 struct attr_stack *prev;
256 char *origin;
257 unsigned num_matches;
258 unsigned alloc;
259 struct match_attr **attrs;
260 } *attr_stack;
262 static void free_attr_elem(struct attr_stack *e)
264 int i;
265 free(e->origin);
266 for (i = 0; i < e->num_matches; i++) {
267 struct match_attr *a = e->attrs[i];
268 int j;
269 for (j = 0; j < a->num_attr; j++) {
270 const char *setto = a->state[j].setto;
271 if (setto == ATTR__TRUE ||
272 setto == ATTR__FALSE ||
273 setto == ATTR__UNSET ||
274 setto == ATTR__UNKNOWN)
276 else
277 free((char*) setto);
279 free(a);
281 free(e);
284 static const char *builtin_attr[] = {
285 "[attr]binary -diff -crlf",
286 NULL,
289 static void handle_attr_line(struct attr_stack *res,
290 const char *line,
291 const char *src,
292 int lineno,
293 int macro_ok)
295 struct match_attr *a;
297 a = parse_attr_line(line, src, lineno, macro_ok);
298 if (!a)
299 return;
300 if (res->alloc <= res->num_matches) {
301 res->alloc = alloc_nr(res->num_matches);
302 res->attrs = xrealloc(res->attrs,
303 sizeof(struct match_attr *) *
304 res->alloc);
306 res->attrs[res->num_matches++] = a;
309 static struct attr_stack *read_attr_from_array(const char **list)
311 struct attr_stack *res;
312 const char *line;
313 int lineno = 0;
315 res = xcalloc(1, sizeof(*res));
316 while ((line = *(list++)) != NULL)
317 handle_attr_line(res, line, "[builtin]", ++lineno, 1);
318 return res;
321 static struct attr_stack *read_attr_from_file(const char *path, int macro_ok)
323 FILE *fp = fopen(path, "r");
324 struct attr_stack *res;
325 char buf[2048];
326 int lineno = 0;
328 if (!fp)
329 return NULL;
330 res = xcalloc(1, sizeof(*res));
331 while (fgets(buf, sizeof(buf), fp))
332 handle_attr_line(res, buf, path, ++lineno, macro_ok);
333 fclose(fp);
334 return res;
337 static void *read_index_data(const char *path)
339 int pos, len;
340 unsigned long sz;
341 enum object_type type;
342 void *data;
344 len = strlen(path);
345 pos = cache_name_pos(path, len);
346 if (pos < 0) {
348 * We might be in the middle of a merge, in which
349 * case we would read stage #2 (ours).
351 int i;
352 for (i = -pos - 1;
353 (pos < 0 && i < active_nr &&
354 !strcmp(active_cache[i]->name, path));
355 i++)
356 if (ce_stage(active_cache[i]) == 2)
357 pos = i;
359 if (pos < 0)
360 return NULL;
361 data = read_sha1_file(active_cache[pos]->sha1, &type, &sz);
362 if (!data || type != OBJ_BLOB) {
363 free(data);
364 return NULL;
366 return data;
369 static struct attr_stack *read_attr(const char *path, int macro_ok)
371 struct attr_stack *res;
372 char *buf, *sp;
373 int lineno = 0;
375 res = read_attr_from_file(path, macro_ok);
376 if (res)
377 return res;
379 res = xcalloc(1, sizeof(*res));
382 * There is no checked out .gitattributes file there, but
383 * we might have it in the index. We allow operation in a
384 * sparsely checked out work tree, so read from it.
386 buf = read_index_data(path);
387 if (!buf)
388 return res;
390 for (sp = buf; *sp; ) {
391 char *ep;
392 int more;
393 for (ep = sp; *ep && *ep != '\n'; ep++)
395 more = (*ep == '\n');
396 *ep = '\0';
397 handle_attr_line(res, sp, path, ++lineno, macro_ok);
398 sp = ep + more;
400 free(buf);
401 return res;
404 #if DEBUG_ATTR
405 static void debug_info(const char *what, struct attr_stack *elem)
407 fprintf(stderr, "%s: %s\n", what, elem->origin ? elem->origin : "()");
409 static void debug_set(const char *what, const char *match, struct git_attr *attr, const void *v)
411 const char *value = v;
413 if (ATTR_TRUE(value))
414 value = "set";
415 else if (ATTR_FALSE(value))
416 value = "unset";
417 else if (ATTR_UNSET(value))
418 value = "unspecified";
420 fprintf(stderr, "%s: %s => %s (%s)\n",
421 what, attr->name, (char *) value, match);
423 #define debug_push(a) debug_info("push", (a))
424 #define debug_pop(a) debug_info("pop", (a))
425 #else
426 #define debug_push(a) do { ; } while (0)
427 #define debug_pop(a) do { ; } while (0)
428 #define debug_set(a,b,c,d) do { ; } while (0)
429 #endif
431 static void bootstrap_attr_stack(void)
433 if (!attr_stack) {
434 struct attr_stack *elem;
436 elem = read_attr_from_array(builtin_attr);
437 elem->origin = NULL;
438 elem->prev = attr_stack;
439 attr_stack = elem;
441 if (!is_bare_repository()) {
442 elem = read_attr(GITATTRIBUTES_FILE, 1);
443 elem->origin = strdup("");
444 elem->prev = attr_stack;
445 attr_stack = elem;
446 debug_push(elem);
449 elem = read_attr_from_file(git_path(INFOATTRIBUTES_FILE), 1);
450 if (!elem)
451 elem = xcalloc(1, sizeof(*elem));
452 elem->origin = NULL;
453 elem->prev = attr_stack;
454 attr_stack = elem;
458 static void prepare_attr_stack(const char *path, int dirlen)
460 struct attr_stack *elem, *info;
461 int len;
462 struct strbuf pathbuf;
464 strbuf_init(&pathbuf, dirlen+2+strlen(GITATTRIBUTES_FILE));
467 * At the bottom of the attribute stack is the built-in
468 * set of attribute definitions. Then, contents from
469 * .gitattribute files from directories closer to the
470 * root to the ones in deeper directories are pushed
471 * to the stack. Finally, at the very top of the stack
472 * we always keep the contents of $GIT_DIR/info/attributes.
474 * When checking, we use entries from near the top of the
475 * stack, preferring $GIT_DIR/info/attributes, then
476 * .gitattributes in deeper directories to shallower ones,
477 * and finally use the built-in set as the default.
479 if (!attr_stack)
480 bootstrap_attr_stack();
483 * Pop the "info" one that is always at the top of the stack.
485 info = attr_stack;
486 attr_stack = info->prev;
489 * Pop the ones from directories that are not the prefix of
490 * the path we are checking.
492 while (attr_stack && attr_stack->origin) {
493 int namelen = strlen(attr_stack->origin);
495 elem = attr_stack;
496 if (namelen <= dirlen &&
497 !strncmp(elem->origin, path, namelen))
498 break;
500 debug_pop(elem);
501 attr_stack = elem->prev;
502 free_attr_elem(elem);
506 * Read from parent directories and push them down
508 if (!is_bare_repository()) {
509 while (1) {
510 char *cp;
512 len = strlen(attr_stack->origin);
513 if (dirlen <= len)
514 break;
515 strbuf_reset(&pathbuf);
516 strbuf_add(&pathbuf, path, dirlen);
517 strbuf_addch(&pathbuf, '/');
518 cp = strchr(pathbuf.buf + len + 1, '/');
519 strcpy(cp + 1, GITATTRIBUTES_FILE);
520 elem = read_attr(pathbuf.buf, 0);
521 *cp = '\0';
522 elem->origin = strdup(pathbuf.buf);
523 elem->prev = attr_stack;
524 attr_stack = elem;
525 debug_push(elem);
530 * Finally push the "info" one at the top of the stack.
532 info->prev = attr_stack;
533 attr_stack = info;
536 static int path_matches(const char *pathname, int pathlen,
537 const char *pattern,
538 const char *base, int baselen)
540 if (!strchr(pattern, '/')) {
541 /* match basename */
542 const char *basename = strrchr(pathname, '/');
543 basename = basename ? basename + 1 : pathname;
544 return (fnmatch(pattern, basename, 0) == 0);
547 * match with FNM_PATHNAME; the pattern has base implicitly
548 * in front of it.
550 if (*pattern == '/')
551 pattern++;
552 if (pathlen < baselen ||
553 (baselen && pathname[baselen] != '/') ||
554 strncmp(pathname, base, baselen))
555 return 0;
556 if (baselen != 0)
557 baselen++;
558 return fnmatch(pattern, pathname + baselen, FNM_PATHNAME) == 0;
561 static int fill_one(const char *what, struct match_attr *a, int rem)
563 struct git_attr_check *check = check_all_attr;
564 int i;
566 for (i = 0; 0 < rem && i < a->num_attr; i++) {
567 struct git_attr *attr = a->state[i].attr;
568 const char **n = &(check[attr->attr_nr].value);
569 const char *v = a->state[i].setto;
571 if (*n == ATTR__UNKNOWN) {
572 debug_set(what, a->u.pattern, attr, v);
573 *n = v;
574 rem--;
577 return rem;
580 static int fill(const char *path, int pathlen, struct attr_stack *stk, int rem)
582 int i;
583 const char *base = stk->origin ? stk->origin : "";
585 for (i = stk->num_matches - 1; 0 < rem && 0 <= i; i--) {
586 struct match_attr *a = stk->attrs[i];
587 if (a->is_macro)
588 continue;
589 if (path_matches(path, pathlen,
590 a->u.pattern, base, strlen(base)))
591 rem = fill_one("fill", a, rem);
593 return rem;
596 static int macroexpand(struct attr_stack *stk, int rem)
598 int i;
599 struct git_attr_check *check = check_all_attr;
601 for (i = stk->num_matches - 1; 0 < rem && 0 <= i; i--) {
602 struct match_attr *a = stk->attrs[i];
603 if (!a->is_macro)
604 continue;
605 if (check[a->u.attr->attr_nr].value != ATTR__TRUE)
606 continue;
607 rem = fill_one("expand", a, rem);
609 return rem;
612 int git_checkattr(const char *path, int num, struct git_attr_check *check)
614 struct attr_stack *stk;
615 const char *cp;
616 int dirlen, pathlen, i, rem;
618 bootstrap_attr_stack();
619 for (i = 0; i < attr_nr; i++)
620 check_all_attr[i].value = ATTR__UNKNOWN;
622 pathlen = strlen(path);
623 cp = strrchr(path, '/');
624 if (!cp)
625 dirlen = 0;
626 else
627 dirlen = cp - path;
628 prepare_attr_stack(path, dirlen);
629 rem = attr_nr;
630 for (stk = attr_stack; 0 < rem && stk; stk = stk->prev)
631 rem = fill(path, pathlen, stk, rem);
633 for (stk = attr_stack; 0 < rem && stk; stk = stk->prev)
634 rem = macroexpand(stk, rem);
636 for (i = 0; i < num; i++) {
637 const char *value = check_all_attr[check[i].attr->attr_nr].value;
638 if (value == ATTR__UNKNOWN)
639 value = ATTR__UNSET;
640 check[i].value = value;
643 return 0;