Struct git_repository::permissions::Config

source · 
pub struct Config {
    pub git_binary: bool,
    pub system: bool,
    pub git: bool,
    pub user: bool,
    pub env: bool,
    pub includes: bool,
}
Expand description

Configure from which sources git configuration may be loaded.

Note that configuration from inside of the repository is always loaded as it’s definitely required for correctness.

Fields§

§git_binary: bool

The git binary may come with configuration as part of its configuration, and if this is true (default false) we will load the configuration of the git binary, if present and not a duplicate of the ones below.

It’s disable by default as it involves executing the git binary once per execution of the application.

§system: bool

Whether to use the system configuration. This is defined as $(prefix)/etc/gitconfig on unix.

§git: bool

Whether to use the git application configuration.

A platform defined location for where a user’s git application configuration should be located. If $XDG_CONFIG_HOME is not set or empty, $HOME/.config/git/config will be used on unix.

§user: bool

Whether to use the user configuration. This is usually ~/.gitconfig on unix.

§env: bool

Whether to use the configuration from environment variables.

§includes: bool

Whether to follow include files are encountered in loaded configuration, via include and includeIf sections.

Implementations§

Allow everything which usually relates to a fully trusted environment

Examples found in repository?
src/repository/permissions.rs (line 57)
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

    fn default() -> Self {
        Self::all()
    }
}

/// Permissions related to the usage of environment variables
#[derive(Debug, Clone)]
pub struct Environment {
    /// Control whether resources pointed to by `XDG_CONFIG_HOME` can be used when looking up common configuration values.
    ///
    /// Note that [`git_sec::Permission::Forbid`] will cause the operation to abort if a resource is set via the XDG config environment.
    pub xdg_config_home: git_sec::Permission,
    /// Control the way resources pointed to by the home directory (similar to `xdg_config_home`) may be used.
    pub home: git_sec::Permission,
    /// Control if environment variables to configure the HTTP transport, like `http_proxy` may be used.
    ///
    /// Note that http-transport related environment variables prefixed with `GIT_` may also be included here
    /// if they match this category like `GIT_HTTP_USER_AGENT`.
    pub http_transport: git_sec::Permission,
    /// Control if the `EMAIL` environment variables may be read.
    ///
    /// Note that identity related environment variables prefixed with `GIT_` may also be included here
    /// if they match this category.
    pub identity: git_sec::Permission,
    /// Control if environment variables related to the object database are handled. This includes features and performance
    /// options alike.
    pub objects: git_sec::Permission,
    /// Control if resources pointed to by `GIT_*` prefixed environment variables can be used, **but only** if they
    /// are not contained in any other category. This is a catch-all section.
    pub git_prefix: git_sec::Permission,
    /// Control if resources pointed to by `SSH_*` prefixed environment variables can be used (like `SSH_ASKPASS`)
    pub ssh_prefix: git_sec::Permission,
}

impl Environment {
    /// Allow access to the entire environment.
    pub fn all() -> Self {
        let allow = git_sec::Permission::Allow;
        Environment {
            xdg_config_home: allow,
            home: allow,
            git_prefix: allow,
            ssh_prefix: allow,
            http_transport: allow,
            identity: allow,
            objects: allow,
        }
    }
}

impl Permissions {
    /// Return permissions that will not include configuration files not owned by the current user,
    /// but trust system and global configuration files along with those which are owned by the current user.
    ///
    /// This allows to read and write repositories even if they aren't owned by the current user, but avoid using
    /// anything else that could cause us to write into unknown locations or use programs beyond our `PATH`.
    pub fn secure() -> Self {
        Permissions {
            env: Environment::all(),
            config: Config::all(),
        }
    }

    /// Everything is allowed with this set of permissions, thus we read all configuration and do what git typically
    /// does with owned repositories.
    pub fn all() -> Self {
        Permissions {
            env: Environment::all(),
            config: Config::all(),
        }
    }

Trait Implementations§

Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Returns the “default value” for a type. Read more
Feeds this value into the given Hasher. Read more
Feeds a slice of this type into the given Hasher. Read more
This method returns an Ordering between self and other. Read more
Compares and returns the maximum of two values. Read more
Compares and returns the minimum of two values. Read more
Restrict a value to a certain interval. Read more
This method tests for self and other values to be equal, and is used by ==.
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
This method returns an ordering between self and other values if one exists. Read more
This method tests less than (for self and other) and is used by the < operator. Read more
This method tests less than or equal to (for self and other) and is used by the <= operator. Read more
This method tests greater than (for self and other) and is used by the > operator. Read more
This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more
Checks if this value is equivalent to the given key. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The alignment of pointer.
The type for initializers.
Initializes a with the given initializer. Read more
Dereferences the given pointer. Read more
Mutably dereferences the given pointer. Read more
Drops the object pointed to by the given pointer. Read more
Should always be Self
The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.