Skip to content

Commit 8aac43c

Browse files
committed
feat: add permissions::Environment::http_transport.
That way it's possible to deny using environment variables that affect the HTTP transport, like setting the proxy.
1 parent e701e7e commit 8aac43c

File tree

3 files changed

+9
-0
lines changed

3 files changed

+9
-0
lines changed

git-repository/src/config/cache/init.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ impl Cache {
2727
home: home_env,
2828
xdg_config_home: xdg_config_home_env,
2929
ssh_prefix: _,
30+
http_transport: _,
3031
}: repository::permissions::Environment,
3132
repository::permissions::Config {
3233
git_binary: use_installation,

git-repository/src/repository/permissions.rs

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,11 @@ pub struct Environment {
7272
pub git_prefix: git_sec::Permission,
7373
/// Control if resources pointed to by `SSH_*` prefixed environment variables can be used (like `SSH_ASKPASS`)
7474
pub ssh_prefix: git_sec::Permission,
75+
/// Control if environment variables to configure the HTTP transport, like `http_proxy` may be used.
76+
///
77+
/// Note that those http-transport related environment variables prefixed with `GIT_` are falling under the
78+
/// `git_prefix` permission, like `GIT_HTTP_USER_AGENT`.
79+
pub http_transport: git_sec::Permission,
7580
}
7681

7782
impl Environment {
@@ -82,6 +87,7 @@ impl Environment {
8287
home: git_sec::Permission::Allow,
8388
git_prefix: git_sec::Permission::Allow,
8489
ssh_prefix: git_sec::Permission::Allow,
90+
http_transport: git_sec::Permission::Allow,
8591
}
8692
}
8793
}
@@ -126,6 +132,7 @@ impl Permissions {
126132
home: deny,
127133
ssh_prefix: deny,
128134
git_prefix: deny,
135+
http_transport: deny,
129136
}
130137
},
131138
}

git-repository/tests/repository/config/transport_options.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,7 @@ mod http {
4949
proxy_authenticate,
5050
user_agent,
5151
connect_timeout,
52+
verbose: _,
5253
backend,
5354
} = http_options(&repo, None);
5455
assert_eq!(

0 commit comments

Comments
 (0)