From d7e1ebde8d17ca0f524504c4977ce5f36519ebab Mon Sep 17 00:00:00 2001 From: Ross Smith II Date: Sat, 11 Nov 2023 07:57:09 -0800 Subject: [PATCH 1/5] Fix: harden utimes, use single quotes --- bin/git-utimes | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/bin/git-utimes b/bin/git-utimes index 83cc48c51..56c5cdb3a 100755 --- a/bin/git-utimes +++ b/bin/git-utimes @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# shellcheck disable=SC2312,SC2248,SC2250,SC2064,SC2086 +# shellcheck disable=SC2312 # # Change files modification time to their last commit date # @@ -39,9 +39,6 @@ if bash --help 2>&1 | grep -q -- '--posix'; then bash_opts="${bash_opts} --posix" fi -prefix="$(git rev-parse --show-prefix) " -strip="${#prefix}" - status_opts= whatchanged_opts= if git status --help 2>&1 | grep -q -- "--no-renames"; then @@ -55,23 +52,30 @@ if git status --help 2>&1 | grep -q -- "--ignored"; then status_opts="${status_opts} --ignored=no" fi +prefix="$(git rev-parse --show-prefix) " +strip="${#prefix}" + tmpfile=$(mktemp) +# shellcheck disable=SC2064 trap "rm -f '${tmpfile}'" 0 # prefix is stripped: +# shellcheck disable=SC2086 git --no-pager status --porcelain --short ${status_opts} . | cut -c 4- >"${tmpfile}" # prefix is not stripped: +# shellcheck disable=SC1003,SC2086,SC2248 git --no-pager whatchanged ${whatchanged_opts} --format='%ct' . | - awk $awk_flags \ + awk ${awk_flags} \ -F'\t' \ -v date_flags="${date_flags}" \ -v op="${op}" \ -v stat_flags="${stat_flags}" \ -v strip="${strip}" \ -v tmpfile="${tmpfile}" \ - 'BEGIN { + '\ +BEGIN { seen[""]=1 print "t() {" print " test -e \"$2\" || return 0" @@ -108,7 +112,7 @@ FILENAME==tmpfile { } seen[$2]=1 # escape quotes: - gsub(/"/, "\\\"", $2) - printf("t %s \"%s\"\n", ct, $2) + gsub(/'\''/, "'\''\\'\'''\''", $2) + printf("t %s '\''%s'\''\n", ct, $2) } ' "${tmpfile}" - | BASH_ENV='' bash ${bash_opts} /dev/stdin From d51d7739eb9f4f41fbffc94c735997e3d982b938 Mon Sep 17 00:00:00 2001 From: Ross Smith II Date: Sat, 11 Nov 2023 08:43:36 -0800 Subject: [PATCH 2/5] Remove passing --posix to bash --- bin/git-utimes | 4 ---- 1 file changed, 4 deletions(-) diff --git a/bin/git-utimes b/bin/git-utimes index 56c5cdb3a..71a2726ae 100755 --- a/bin/git-utimes +++ b/bin/git-utimes @@ -34,10 +34,6 @@ fi if bash --help 2>&1 | grep -q -- '--norc'; then bash_opts="${bash_opts} --norc" fi -# sanity check, not required: -if bash --help 2>&1 | grep -q -- '--posix'; then - bash_opts="${bash_opts} --posix" -fi status_opts= whatchanged_opts= From 361c6b577a6a0f09b8af8b97cee1d39349bf3e4b Mon Sep 17 00:00:00 2001 From: Ross Smith II Date: Sun, 12 Nov 2023 15:10:54 -0800 Subject: [PATCH 3/5] Remove double-quotes and backslashes --- bin/git-utimes | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/git-utimes b/bin/git-utimes index 71a2726ae..3cb525dc6 100755 --- a/bin/git-utimes +++ b/bin/git-utimes @@ -107,7 +107,12 @@ FILENAME==tmpfile { next } seen[$2]=1 - # escape quotes: + # remove double quotes and backslashes that git adds: + if (substr($2, 1, 1) == "\"" && substr($2, length($2), 1) == "\"") { + $2 = substr($2, 2, length($2) - 2) + gsub(/\\/, "", $2) + } + # escape single quotes: gsub(/'\''/, "'\''\\'\'''\''", $2) printf("t %s '\''%s'\''\n", ct, $2) } From f2b003183a52eb712f8a532c4819640173c08244 Mon Sep 17 00:00:00 2001 From: Ross Smith II Date: Tue, 21 Nov 2023 11:15:06 -0800 Subject: [PATCH 4/5] Fix: patch git-utimes (fixes #1118) Fixes #1118 --- bin/git-utimes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/git-utimes b/bin/git-utimes index 3cb525dc6..73c39470e 100755 --- a/bin/git-utimes +++ b/bin/git-utimes @@ -80,7 +80,7 @@ BEGIN { print " echo \"+ touch -h -d@$1 $2\"" print " touch -h -d@$1 \"$2\"" } else { - printf(" t=$(date %s$1 \"+%Y%m%d%H%M.%S\")\n", date_flags) + print " t=$(date -r$1 \"+%Y%m%d%H%M.%S\")" print " echo \"+ touch -h -t $t $2\"" print " touch -h -t $t \"$2\"" } From 5bc0c30a6e6c6e67e1673f3ebbc0eab249dd3054 Mon Sep 17 00:00:00 2001 From: Ross Smith II Date: Tue, 21 Nov 2023 11:43:42 -0800 Subject: [PATCH 5/5] Fix formatting issue in git-utimes Per https://github.com/tj/git-extras/pull/1109#discussion_r1399965099 --- bin/git-utimes | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bin/git-utimes b/bin/git-utimes index 73c39470e..326464c1c 100755 --- a/bin/git-utimes +++ b/bin/git-utimes @@ -70,8 +70,7 @@ git --no-pager whatchanged ${whatchanged_opts} --format='%ct' . | -v stat_flags="${stat_flags}" \ -v strip="${strip}" \ -v tmpfile="${tmpfile}" \ - '\ -BEGIN { + 'BEGIN { seen[""]=1 print "t() {" print " test -e \"$2\" || return 0"