Git may interpret refnames as flags in some commands which accept both refs and paths
Closed, Resolved (Public)

Description

Via HackerOne. See https://hackerone.com/reports/1070247.

Some git commands accept both a ref selector (or some similar symbol) and a list of paths. For example:

$ git log <ref selector> -- <path> <path> ...

These commands use -- to disambiguate the ref selector from the paths. However, they have no mechanism for disambiguating the ref selector from the flags.

If a string like --example-flag is passed as a ref selector, Git may interpret it as a flag rather than a ref selector.

Affected commands include:

  • blame
  • diff
  • diff-tree
  • grep
  • log
  • ls-tree

Although log can be invoked with --stdin to disambiguate flags, ref selectors, and paths, not all commands have a mode like this.
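One way a caller can guard against this before invoking Git, as an added example (not Phabricator's code). `model_parse` is a simplified model of the argument handling described above, and `build_argv` is a hypothetical helper; rejecting dash-prefixed ref selectors and dropping empty path strings are assumptions of this sketch.

```python
# Added example: all names here are hypothetical, not Phabricator's API.
AFFECTED = {"blame", "diff", "diff-tree", "grep", "log", "ls-tree"}  # list from the task


def model_parse(args):
    """Simplified model of how the affected commands read their arguments:
    before "--", a leading "-" means flag; anything else is a ref selector."""
    flags, refs, paths = [], [], []
    seen_separator = False
    for arg in args:
        if seen_separator:
            paths.append(arg)
        elif arg == "--":
            seen_separator = True
        elif arg.startswith("-"):
            flags.append(arg)
        else:
            refs.append(arg)
    return flags, refs, paths


def build_argv(command, ref, paths=(), flags=()):
    """Build argv for `git <command> <flags> <ref> -- <paths>` from untrusted
    ref and path strings, refusing values Git could read as something else."""
    if command not in AFFECTED:
        raise ValueError("unexpected command: %r" % (command,))
    if not ref or ref.startswith("-"):
        # "--" only separates the ref selector from the paths, not from the
        # flags, so this sketch rejects the value before Git ever sees it.
        raise ValueError("ref selector would be read as a flag: %r" % (ref,))
    # Newer Git rejects '' after "--" ("empty string is not a valid pathspec").
    # This sketch treats an empty path as "no path filter" and drops it.
    clean_paths = [p for p in paths if p != ""]
    return ["git", command, *flags, ref, "--", *clean_paths]
```

The returned list is meant to be passed to a process API as an argument vector, not joined into a shell string.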

Event Timeline

Jan 12 2021, 6:26 PM
epriestley triaged this task as Normal priority.
epriestley created this task.
epriestley created this object with visibility "epriestley (Evan Priestley)".
epriestley changed the visibility from "epriestley (Evan Priestley)" to "All Users".
epriestley added a project: Security.

Jan 15 2021, 6:45 PM
epriestley changed the visibility from "All Users" to "Public (No Login Required)".

My apologies if this is not the right place to post about this, but it seems that, due to ea9cb0b625fb6922c45aecbfdebacc60788ed92d, we now get the following error message when visiting the Diffusion repository page, i.e. the URL /diffusion/$REPOID/:

[2021-01-19 11:05:26] EXCEPTION: (CommandException) Command failed with error #128!
COMMAND
git ls-tree -z -l COMMIT_ID_MASKED -- ''

STDOUT
(empty)

STDERR
fatal: empty string is not a valid pathspec. please use . instead if you meant to match all paths
 at [<arcanist>/src/future/exec/ExecFuture.php:421]
[19-Jan-2021 11:05:26 UTC] arcanist(head=master, ref.master=b2e715fc5a9c), phabricator(head=master, ref.master=ea9cb0b625fb, custom=4)
[19-Jan-2021 11:05:26 UTC]   #0 <#2> ExecFuture::raiseResultError(array) called at [<arcanist>/src/future/exec/ExecFuture.php:325]
[19-Jan-2021 11:05:26 UTC]   #1 <#2> ExecFuture::resolvex() called at [<phabricator>/src/applications/repository/storage/PhabricatorRepository.php:533]
[19-Jan-2021 11:05:26 UTC]   #2 <#2> PhabricatorRepository::execxLocalCommand(string, string, NULL) called at [<phabricator>/src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php:125]
[19-Jan-2021 11:05:26 UTC]   #3 <#2> DiffusionBrowseQueryConduitAPIMethod::getGitResult(ConduitAPIRequest) called at [<phabricator>/src/applications/diffusion/conduit/DiffusionQueryConduitAPIMethod.php:155]
[19-Jan-2021 11:05:26 UTC]   #4 <#2> DiffusionQueryConduitAPIMethod::getResult(ConduitAPIRequest) called at [<phabricator>/src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php:31]
[19-Jan-2021 11:05:26 UTC]   #5 <#2> DiffusionBrowseQueryConduitAPIMethod::getResult(ConduitAPIRequest) called at [<phabricator>/src/applications/diffusion/conduit/DiffusionQueryConduitAPIMethod.php:110]
[19-Jan-2021 11:05:26 UTC]   #6 <#2> DiffusionQueryConduitAPIMethod::execute(ConduitAPIRequest) called at [<phabricator>/src/applications/conduit/method/ConduitAPIMethod.php:131]
[19-Jan-2021 11:05:26 UTC]   #7 <#2> ConduitAPIMethod::executeMethod(ConduitAPIRequest) called at [<phabricator>/src/applications/conduit/call/ConduitCall.php:131]
[19-Jan-2021 11:05:26 UTC]   #8 <#2> ConduitCall::executeMethod() called at [<phabricator>/src/applications/conduit/call/ConduitCall.php:81]
[19-Jan-2021 11:05:26 UTC]   #9 <#2> ConduitCall::execute() called at [<phabricator>/src/applications/conduit/controller/PhabricatorConduitAPIController.php:83]
[19-Jan-2021 11:05:26 UTC]   #10 phlog(CommandException) called at [<phabricator>/src/applications/conduit/controller/PhabricatorConduitAPIController.php:111]
[19-Jan-2021 11:05:26 UTC]   #11 PhabricatorConduitAPIController::handleRequest(AphrontRequest) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:288]
[19-Jan-2021 11:05:26 UTC]   #12 AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:208]
[19-Jan-2021 11:05:26 UTC]   #13 AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phabricator>/webroot/index.php:35]

Could this be fixed?

Thanks!

It works with Git 2.1.4 (shipped with Debian Wheezy), but not with Git 2.20.1 (shipped with Debian Buster), or Git 2.30.0 (latest version).

Please use Discourse to report bugs.

Is Discourse the way to report bugs instead of Maniphest? /me curious

Yes. I closed down registration on this install (secure.phabricator.com) several years ago because the overwhelming majority of users who registered accounts here didn't read or follow the rules. Access to secure.phabricator.com is now invite-only.

I believe these were all hunted down.