authorThomas Wolf2017-02-19 21:28:37 +0000
committerThomas Wolf2017-03-01 19:43:28 +0000
commit4bc15e7f9023024b9e1c803d185ed16730218931 (patch)
tree8a7d449e251ebfbdfea5f7ede7b57d176e2402de /org.eclipse.egit.ui/src/org/eclipse/egit
parent7ac21ccc9faf0ff5fe9952391e311491f6952c53 (diff)
Prevent creation of invalid git config keys
Allow only alphanumeric characters and the dash in git config section and variable names. Subsections get quoted and may contain other characters. Extend the validation in AddConfigEntryDialog to prevent the accidental creation of invalid git config entries; those would break all git, JGit, and EGit functionality and the only way to fix this would be to edit the offending git config file manually in a text editor. With an invalid git config file, not even "git config --help" works! Change-Id: I65a3279069639d44922da8c8792a27b9aa51fe4e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.egit.ui/src/org/eclipse/egit')
-rw-r--r--org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/UIText.java3
-rw-r--r--org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/preferences/AddConfigEntryDialog.java41
-rw-r--r--org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/uitext.properties9
3 files changed, 45 insertions, 8 deletions
diff --git a/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/UIText.java b/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/UIText.java
index f2d14edb7e..7dc43ea5ad 100644
--- a/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/UIText.java
+++ b/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/UIText.java
@@ -101,6 +101,9 @@ public class UIText extends NLS {
public static String AddConfigEntryDialog_EnterValueMessage;
/** */
+ public static String AddConfigEntryDialog_InvalidKeyMessage;
+
+ /** */
public static String AddConfigEntryDialog_KeyComponentsMessage;
/** */
diff --git a/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/preferences/AddConfigEntryDialog.java b/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/preferences/AddConfigEntryDialog.java
index 352f19afb6..7d5cc35aa3 100644
--- a/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/preferences/AddConfigEntryDialog.java
+++ b/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/preferences/AddConfigEntryDialog.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2010, SAP AG.
+ * Copyright (c) 2010, 2017 SAP AG and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -7,10 +7,12 @@
*
* Contributors:
* Mathias Kinzler (SAP AG) - initial implementation
+ * Thomas Wolf <thomas.wolf@paranor.ch> - input validation
*******************************************************************************/
package org.eclipse.egit.ui.internal.preferences;
import java.util.StringTokenizer;
+import java.util.regex.Pattern;
import org.eclipse.egit.ui.internal.UIText;
import org.eclipse.jface.dialogs.TitleAreaDialog;
@@ -26,9 +28,27 @@ import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Text;
/**
- * Requests a key and value for adding a configuration entry
+ * Requests a key and value for adding a configuration entry.
*/
public class AddConfigEntryDialog extends TitleAreaDialog {
+
+ /**
+ * Regular expression describing a valid git config key. See config.c in the
+ * CGit sources, or https://git-scm.com/docs/git-config. Basically it's
+ * section.subsection.name, where section and name must contain only
+ * alphanumeric characters or the dash, and name must start with a letter.
+ *
+ * Cgit also allows periods in the section name to support the legacy syntax
+ * [section.subsection]. For our use case, this is irrelevant, and EGit
+ * takes only the first segment as section name.
+ *
+ * Note that we allow arbitrary whitespace before and after; we'll trim that
+ * away in {@link #okPressed}.
+ */
+ private static final Pattern VALID_KEY = Pattern
+ .compile(
+ "(\\h|\\v)*[-\\p{Alnum}]+(?:\\..*)?\\.\\p{Alpha}[-\\p{Alnum}]*(\\h|\\v)*"); //$NON-NLS-1$
+
private Text keyText;
private Text valueText;
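Review bot: The whitespace wrappers in `VALID_KEY` are written as a capturing alternation, `(\\h|\\v)*`, and java.util.regex evaluates a repeated alternation group recursively, so a very long run of pasted whitespace in the key field can end in a StackOverflowError rather than a validation message. A character class accepts the same input without the group or the captures: `[\\h\\v]*` at both ends of the pattern. The same construct is used in `trimKey` in the `@@ -91,6 +111,14 @@` hunk, where `"^[\\h\\v]+|[\\h\\v]+$"` trims identically.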
@@ -65,7 +85,7 @@ public class AddConfigEntryDialog extends TitleAreaDialog {
keylLabel.setToolTipText(UIText.AddConfigEntryDialog_ConfigKeyTooltip);
keyText = new Text(main, SWT.BORDER);
if (suggestedKey != null) {
- keyText.setText(suggestedKey);
+ keyText.setText(trimKey(suggestedKey));
keyText.selectAll();
}
@@ -91,6 +111,14 @@ public class AddConfigEntryDialog extends TitleAreaDialog {
return main;
}
+ private boolean isValidKey(String keyValue) {
+ return keyValue != null && VALID_KEY.matcher(keyValue).matches();
+ }
+
+ private String trimKey(String keyValue) {
+ return keyValue.replaceAll("^(?:\\h|\\v)*|(?:\\h|\\v)*$", ""); //$NON-NLS-1$ //$NON-NLS-2$
+ }
+
@Override
public void create() {
super.create();
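Review bot: `isValidKey` has no Javadoc, and the one thing a reader needs to know is not stated on it: everything between the first and the last dot is accepted unchecked, because `VALID_KEY` matches it with `.*`, so characters such as `"`, `\` and `]` pass as long as there is no line terminator. Whether that is safe depends on the code that writes the key into the config file quoting and escaping the subsection, and that code is not part of this diff. I would add `/** Checks section and variable name only; the subsection is not validated here and must be quoted and escaped by whoever writes the entry. */` above the method. `trimKey` would also benefit from a one-line comment saying it strips the same horizontal and vertical whitespace that `VALID_KEY` tolerates. The body of `create()` continues outside the hunk.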
@@ -113,6 +141,11 @@ public class AddConfigEntryDialog extends TitleAreaDialog {
hasError = true;
return;
}
+ if (!isValidKey(keyText.getText())) {
+ setErrorMessage(UIText.AddConfigEntryDialog_InvalidKeyMessage);
+ hasError = true;
+ return;
+ }
if (valueText.getText().length() == 0) {
setErrorMessage(UIText.AddConfigEntryDialog_EnterValueMessage);
hasError = true;
@@ -125,7 +158,7 @@ public class AddConfigEntryDialog extends TitleAreaDialog {
@Override
protected void okPressed() {
- key = keyText.getText();
+ key = trimKey(keyText.getText());
value = valueText.getText();
super.okPressed();
}
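Review bot: `okPressed` stores the trimmed key without calling `isValidKey`, so the guarantee in the commit message rests on the OK button being disabled whenever `hasError` is set, and that wiring is outside this hunk. In particular a `suggestedKey` that is already invalid may never pass through the modify-time check if the user accepts it unchanged. A guard at the top, `if (!isValidKey(keyText.getText())) { return; }`, would make the write path safe on its own.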
diff --git a/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/uitext.properties b/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/uitext.properties
index 7546fd8e60..fc28db2b6c 100644
--- a/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/uitext.properties
+++ b/org.eclipse.egit.ui/src/org/eclipse/egit/ui/internal/uitext.properties
@@ -40,11 +40,12 @@ Activator_refreshFailed=Failed to refresh projects from index changes
Activator_setupFocusListener=Setting up the focus listener
AddConfigEntryDialog_AddConfigTitle=Add a configuration entry
AddConfigEntryDialog_ConfigKeyTooltip=Use "." to separate section/subsection/name, e.g. "core.bare", "remote.origin.url"
-AddConfigEntryDialog_DialogMessage=Please enter a key, e.g. "user.name" and a value
-AddConfigEntryDialog_EnterValueMessage=Please enter a value
-AddConfigEntryDialog_KeyComponentsMessage=The key must have two or more components separated by "."
+AddConfigEntryDialog_DialogMessage=Please enter a key, e.g. "user.name" and a value.
+AddConfigEntryDialog_EnterValueMessage=Please enter a value.
+AddConfigEntryDialog_InvalidKeyMessage=Please enter a valid key: the first and the last component may contain only the letters [A-Za-z0-9] or the dash, and the last component must start with a letter.
+AddConfigEntryDialog_KeyComponentsMessage=The key must have two or more components separated by ".".
AddConfigEntryDialog_KeyLabel=&Key
-AddConfigEntryDialog_MustEnterKeyMessage=Please enter a key
+AddConfigEntryDialog_MustEnterKeyMessage=Please enter a key.
AddConfigEntryDialog_ValueLabel=&Value
AddRemotePage_EnterRemoteNameMessage=Please enter a remote name
AddRemotePage_RemoteNameAlreadyExistsError=Remote already exists
