git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: Marc Strapetz <marc.strapetz@syntevo.com>
To: Junio C Hamano <gitster@pobox.com>, Jeff King <peff@peff.net>
Cc: git@vger.kernel.org
Subject: Re: pathspec: problems with too long command line
Date: Wed, 21 Nov 2018 21:56:11 +0100	[thread overview]
Message-ID: <8db810d2-5424-8833-c22f-5d9dfd77e3c5@syntevo.com> (raw)
In-Reply-To: <xmqq7eh67dqq.fsf@gitster-ct.c.googlers.com>

On 21.11.2018 14:37, Junio C Hamano wrote:
> Jeff King <peff@peff.net> writes:
> 
>> On Wed, Nov 21, 2018 at 10:23:34AM +0100, Marc Strapetz wrote:
>>
>>>  From our GUI client we are invoking git operations on a possibly large set
>>> of files. ...
>>> command line length, especially on Windows [1] and OSX [2]. To workaround
>>> this problem we are currently splitting up such operations by invoking
>>> multiple git commands. This works well for some commands (like add), but
>>> doesn't work well for others (like commit).
> 
>> Quite a few commands take --stdin, which can be used to send pathspecs
>> (and often other stuff) without size limits. I don't think either
>> "commit" or "add" does, but that might be another route.
> 
> A GUI client, like your server, should not be using end-user facing
> Porcelain commands like "add" and "commit" anyway.  In the standard
> "update-index" followed by "write-tree" followed-by "commit-tree"
> followed by "update-ref" sequence, the only thing that needs to take
> pathspec is the update-index step, and it already does take --stdin.

In our case it's a desktop client. We didn't consider using plumbing 
commands in general but only in cases where no appropriate high level 
commands exist. One reason for this decision was definitely a lack of 
our understanding in the beginning (which is no excuse anymore :). 
Another reason is that our users have quite frequently requested to see 
invoked Git commands, for their own understanding and learning. I think 
this argument remains valid. A third reason is to reduce process 
invocations. Although we are quite experienced Git users now, one final 
reason may be that it's still desirable to rely on additional validation 
in high level commands.

Summed up, I would prefer to find a solution which allows to stick with 
"git add"s, "git commit"s, "git checkout"s, ... and providing 
--stdin-paths alternatively to <pathspec> would be a good solution from 
a GUI client developer's perspective. I'm probably too biased to see 
whether it will be beneficial to standalone Git, too?

>> I'm slightly nervous at a pathspec that starts reading arbitrary files,
>> because I suspect there may be interesting ways to abuse it for services
>> which expose Git. E.g., if I have a web service which can show the
>> history of a file, I might take a $file parameter from the client and
>> run "git rev-list -- $file" (handling shell quoting, of course). That's
>> OK now, but with the proposed pathspec magic, a malicious user could ask
>> for ":(from-file=/etc/passwd)" or whatever.
> 
> In any case, I share your gut feeling that this should not be a
> magic pathspec, but should instead be "--stdin[-paths]", for command
> line parsing's sanity.  Catchng random strings that begin with
> double dash as fishy is much simpler and more robust than having to
> tell if a string that is a risky or a benign magic pathspec.

These are interesting points. Then --stdin[-paths] is definitely the 
better choice.

-Marc

      reply	other threads:[~2018-11-21 20:56 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-21  9:23 pathspec: problems with too long command line Marc Strapetz
2018-11-21 13:21 ` Jeff King
2018-11-21 13:37   ` Junio C Hamano
2018-11-21 20:56     ` Marc Strapetz [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8db810d2-5424-8833-c22f-5d9dfd77e3c5@syntevo.com \
    --to=marc.strapetz@syntevo.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).