summaryrefslogtreecommitdiff
path: root/t/t0303-credential-external.sh
diff options
context:
space:
mode:
authorLibravatar Jeff King <peff@peff.net>2019-08-29 15:08:42 -0400
committerLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-12-04 13:20:04 +0100
commita52ed76142f6e8d993bb4c50938a408966eb2b7c (patch)
tree9603df337bf43eec5d4998d44f5c3293661950d2 /t/t0303-credential-external.sh
parentfast-import: disallow "feature export-marks" by default (diff)
downloadtgif-a52ed76142f6e8d993bb4c50938a408966eb2b7c.tar.xz
fast-import: disallow "feature import-marks" by default
As with export-marks in the previous commit, import-marks can access the filesystem. This is significantly less dangerous than export-marks because it only involves reading from arbitrary paths, rather than writing them. However, it could still be surprising and have security implications (e.g., exfiltrating data from a service that accepts fast-import streams). Let's lump it (and its "if-exists" counterpart) in with export-marks, and enable the in-stream version only if --allow-unsafe-features is set. Signed-off-by: Jeff King <peff@peff.net>
Diffstat (limited to 't/t0303-credential-external.sh')
0 files changed, 0 insertions, 0 deletions