MCPcopy Index your code
hub / github.com/git/git / sanitize_client

Function sanitize_client

daemon.c:560–572  ·  view source on GitHub ↗

* Sanitize a string from the client so that it's OK to be inserted into a * filesystem path. Specifically, we disallow directory separators, runs * of "..", and trailing and leading dots, which means that the client * cannot escape our base path via ".." traversal. */

Source from the content-addressed store, hash-verified

558 * cannot escape our base path via ".." traversal.
559 */
560static void sanitize_client(struct strbuf *out, const char *in)
561{
562 for (; *in; in++) {
563 if (is_dir_sep(*in))
564 continue;
565 if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
566 continue;
567 strbuf_addch(out, *in);
568 }
569
570 while (out->len && out->buf[out->len - 1] == '.')
571 strbuf_setlen(out, out->len - 1);
572}
573
574/*
575 * Like sanitize_client, but we also perform any canonicalization

Callers 3

canonicalize_clientFunction · 0.85
parse_host_argFunction · 0.85
lookup_hostnameFunction · 0.85

Calls 2

strbuf_addchFunction · 0.85
strbuf_setlenFunction · 0.85

Tested by

no test coverage detected