Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fish_git_prompt: be careful about git config #8589

Merged
merged 1 commit into from
Dec 30, 2021

Conversation

ridiculousfish
Copy link
Member

fish_git_prompt may run certain git commands which may invoke certain
external programs as specified .git/config. Prevent this by suppressing
certain git config options by default. Introduce a variable
$__fish_git_prompt_trusted_paths which allows these options to be
re-enabled for a directory hierarchy (possibly /).

@faho
Copy link
Member

faho commented Dec 27, 2021

Introduce a variable
$__fish_git_prompt_trusted_paths which allows these options to be
re-enabled for a directory hierarchy (possibly /).

I do not think a configuration knob is warranted here. I don't believe these git config options (core.fsmonitor, which is an optimization, and diff.external, which renders the diff) have an influence on what fish prints, and this isn't the kind of decision we want to ask of users.

@@ -211,6 +212,15 @@ function fish_git_prompt --description "Prompt function for Git"

set -l space "$___fish_git_prompt_color$___fish_git_prompt_char_stateseparator$___fish_git_prompt_color_done"

# Suppress certain config options in untrusted repos.
set -l extra_config -c core.fsmonitor= -c diff.external=
Copy link
Member

@krobelus krobelus Dec 27, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Today, overriding diff.external shouldn't make a difference.

  • Our "git diff" already uses --no-ext-diff, which has the same meaning (and takes precedence)
  • "git diff-index" is a plumbing command that, by default, doesn't use external diff drivers,
    only if you add --ext-diff and --patch (without --patch it doesn't look at content changes)

@zanchey
Copy link
Member

zanchey commented Dec 27, 2021

As noted by @krobelus on Gitter, what about tab-completion?

@krobelus
Copy link
Member

I do not think a configuration knob is warranted here. [...] core.fsmonitor, which is an optimization

OK. I wasn't sure at first -- this article mentions 12 vs. 1.5 seconds for git status -- however unless bash.showInformativeStatus is set we are probably much faster.
So I think it's okay to remove the configuration until someone complains.

what about tab-completion?

Right, let's make that consistent:

diff --git a/share/completions/git.fish b/share/completions/git.fish
index 6c1f80e7e..8a6090bd8 100644
--- a/share/completions/git.fish
+++ b/share/completions/git.fish
@@ -17,7 +17,7 @@ function __fish_git
     end
     # Using 'command git' to avoid interactions for aliases from git to (e.g.) hub
     # Using eval to expand ~ and variables specified on the commandline.
-    eval command git $global_args \$saved_args 2>/dev/null
+    eval command git $global_args -c core.fsmonitor= \$saved_args 2>/dev/null
 end
 
 # Print an optspec for argparse to handle git's options that are independent of any subcommand.

@ridiculousfish
Copy link
Member Author

ridiculousfish commented Dec 27, 2021

Ok, you've convinced me to remove the knob. Our story can be "don't use bash.showInformativeStatus on watchman-backed repos" and if someone really needs this they can hack up fish_git_prompt themselves.

I think it's OK to leave tab completions as they are. If you are tab-completing git you probably have a reason, and tab-completing e.g. git add will run git status which really can benefit from watchman.

fish_git_prompt may run certain git commands which may invoke certain
external programs as specified `.git/config`. Prevent this by suppressing
certain git config options.
rm -Rf .git *
git init >/dev/null 2>&1
echo -n > ran.txt
git config core.fsmonitor 'echo fsmonitor >> ran.txt; false'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

(fish_indent would make some of the redirections consistent (>/dev/null vs > /dev/null) but it can't see inside quotes)

Ok, you've convinced me to remove the knob. Our story can be "don't use bash.showInformativeStatus on watchman-backed repos" and if someone really needs this they can hack up fish_git_prompt themselves.

Yeah. Going back and forth on this one. bash.showInformativeStatus and fsmonitor are beyond my horizon so I find it hard to empathize.

I think it's OK to leave tab completions as they are. If you are tab-completing git you probably have a reason, and tab-completing e.g. git add will run git status which really can benefit from watchman.

OK

@ridiculousfish ridiculousfish merged commit 3762505 into fish-shell:master Dec 30, 2021
@ridiculousfish ridiculousfish deleted the fix-git branch December 30, 2021 21:11
jcharaoui added a commit to jaspernbrouwer/powerline-gitstatus that referenced this pull request Oct 7, 2022
This gitconfig option is known to execute commands on git status
invocations, so ignore it unless the repository is trusted.

This was implemented by the fish shell here:
fish-shell/fish-shell#8589
jcharaoui added a commit to jaspernbrouwer/powerline-gitstatus that referenced this pull request Oct 9, 2022
This is a mitigation for #45 and is the same method that was implemented
by the fish shell maintainers in
fish-shell/fish-shell#8589
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants