Overview
| Comment: | Improvements to the new security-audit feature that shows the command-line that launched the process that generated the web page. |
|---|---|
| SHA3-256: |
5caa3c5cebd37afb0c43bb82b25a4fa4 |
| User & Date: | drh 2023-03-10 19:17:51.207 |
Context
|
2023-03-10
| ||
| 19:48 | Revise "Fossil as a Windows Service" page to provide tip on avoiding poor interaction with virsus scanning. check-in: 6b43913e67 user: larrybr tags: trunk | |
| 19:17 | Improvements to the new security-audit feature that shows the command-line that launched the process that generated the web page. check-in: 5caa3c5ceb user: drh tags: trunk | |
| 18:13 | Show the command-line on the security-audit page. check-in: 5ab5469adf user: drh tags: trunk | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
134 135 136 137 138 139 140 141 142 143 144 145 146 147 |
void *xPostEval; /* Optional, called after Tcl_Eval*(). */
void *pPostContext; /* Optional, provided to xPostEval(). */
};
#endif
struct Global {
int argc; char **argv; /* Command-line arguments to the program */
char *nameOfExe; /* Full path of executable. */
const char *zErrlog; /* Log errors to this file, if not NULL */
const char *zPhase; /* Phase of operation, for use by the error log
** and for deriving $canonical_page TH1 variable */
int isConst; /* True if the output is unchanging & cacheable */
const char *zVfsName; /* The VFS to use for database connections */
sqlite3 *db; /* The connection to the databases */
| > | 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
void *xPostEval; /* Optional, called after Tcl_Eval*(). */
void *pPostContext; /* Optional, provided to xPostEval(). */
};
#endif
struct Global {
int argc; char **argv; /* Command-line arguments to the program */
char **argvOrig; /* Original g.argv prior to removing options */
char *nameOfExe; /* Full path of executable. */
const char *zErrlog; /* Log errors to this file, if not NULL */
const char *zPhase; /* Phase of operation, for use by the error log
** and for deriving $canonical_page TH1 variable */
int isConst; /* True if the output is unchanging & cacheable */
const char *zVfsName; /* The VFS to use for database connections */
sqlite3 *db; /* The connection to the databases */
|
| ︙ | ︙ | |||
442 443 444 445 446 447 448 |
/* Maintenance reminder: we do not stop at a "--" flag here,
** instead delegating that to find_option(). Doing it here
** introduces some weird corner cases, as covered in forum thread
** 4382bbc66757c39f. e.g. (fossil -U -- --args ...) is handled
** differently when we stop at "--" here. */
if( fossil_strcmp(z, "args")==0 ) break;
}
| | > > > > | 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 |
/* Maintenance reminder: we do not stop at a "--" flag here,
** instead delegating that to find_option(). Doing it here
** introduces some weird corner cases, as covered in forum thread
** 4382bbc66757c39f. e.g. (fossil -U -- --args ...) is handled
** differently when we stop at "--" here. */
if( fossil_strcmp(z, "args")==0 ) break;
}
if( (int)i>=g.argc-1 ){
g.argvOrig = fossil_malloc( sizeof(char*)*(g.argc+1) );
memcpy(g.argvOrig, g.argv, sizeof(g.argv[0])*(g.argc+1));
return;
}
zFileName = g.argv[i+1];
if( strcmp(zFileName,"-")==0 ){
inFile = stdin;
}else if( !file_isfile(zFileName, ExtFILE) ){
fossil_fatal("Not an ordinary file: \"%s\"", zFileName);
}else{
|
| ︙ | ︙ | |||
465 466 467 468 469 470 471 |
}
inFile = NULL;
blob_to_utf8_no_bom(&file, 1);
z = blob_str(&file);
for(k=0, nLine=1; z[k]; k++) if( z[k]=='\n' ) nLine++;
if( nLine>100000000 ) fossil_fatal("too many command-line arguments");
nArg = g.argc + nLine*2;
| | | 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 |
}
inFile = NULL;
blob_to_utf8_no_bom(&file, 1);
z = blob_str(&file);
for(k=0, nLine=1; z[k]; k++) if( z[k]=='\n' ) nLine++;
if( nLine>100000000 ) fossil_fatal("too many command-line arguments");
nArg = g.argc + nLine*2;
newArgv = fossil_malloc( sizeof(char*)*nArg*2 + 2);
for(j=0; j<i; j++) newArgv[j] = g.argv[j];
blob_rewind(&file);
while( nLine-->0 && (n = blob_line(&file, &line))>0 ){
/* Reminder: ^^^ nLine check avoids that embedded NUL bytes in the
** --args file causes nLine to be less than blob_line() will end
** up reporting, as such a miscount leads to an illegal memory
|
| ︙ | ︙ | |||
508 509 510 511 512 513 514 515 516 517 518 519 520 521 |
}
}
i += 2;
while( (int)i<g.argc ) newArgv[j++] = g.argv[i++];
newArgv[j] = 0;
g.argc = j;
g.argv = newArgv;
}
#ifdef FOSSIL_ENABLE_TCL
/*
** Make a deep copy of the provided argument array and return it.
*/
static char **copy_args(int argc, char **argv){
| > > | 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 |
}
}
i += 2;
while( (int)i<g.argc ) newArgv[j++] = g.argv[i++];
newArgv[j] = 0;
g.argc = j;
g.argv = newArgv;
g.argvOrig = &g.argv[j+1];
memcpy(g.argvOrig, g.argv, sizeof(g.argv[0])*(j+1));
}
#ifdef FOSSIL_ENABLE_TCL
/*
** Make a deep copy of the provided argument array and return it.
*/
static char **copy_args(int argc, char **argv){
|
| ︙ | ︙ |
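Review bot: In the `newArgv` allocation the trailing `+ 2` sits outside the `sizeof(char*)*nArg*2` product, so it adds two bytes rather than two pointer slots; if the intent was room for the two NULL terminators, write `newArgv = fossil_malloc( sizeof(char*)*(nArg*2 + 2) );`. The copy placed at `&g.argv[j+1]` needs `2*(j+1)` slots in that same buffer, and from the visible lines `nArg = g.argc + nLine*2` looks large enough, but the loop that advances `j` lies partly outside the hunks, so a short comment stating the bound next to the allocation would help. `g.argvOrig` is also a separate `fossil_malloc()` block on the early-return path but an interior pointer into `newArgv` on the `--args` path, so it must never be passed to a free routine; the field comment in `struct Global` could say `/* Copy of g.argv before option removal; never free */`.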
Changes to src/security_audit.c.
| ︙ | ︙ | |||
98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
const char *zDevCap; /* Capabilities of user group "developer" */
const char *zReadCap; /* Capabilities of user group "reader" */
const char *zPubPages; /* GLOB pattern for public pages */
const char *zSelfCap; /* Capabilities of self-registered users */
int hasSelfReg = 0; /* True if able to self-register */
const char *zPublicUrl; /* Canonical access URL */
char *z;
int n, i;
CapabilityString *pCap;
char **azCSP; /* Parsed content security policy */
login_check_credentials();
if( !g.perm.Admin ){
| > | 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
const char *zDevCap; /* Capabilities of user group "developer" */
const char *zReadCap; /* Capabilities of user group "reader" */
const char *zPubPages; /* GLOB pattern for public pages */
const char *zSelfCap; /* Capabilities of self-registered users */
int hasSelfReg = 0; /* True if able to self-register */
const char *zPublicUrl; /* Canonical access URL */
Blob cmd;
char *z;
int n, i;
CapabilityString *pCap;
char **azCSP; /* Parsed content security policy */
login_check_credentials();
if( !g.perm.Admin ){
|
| ︙ | ︙ | |||
690 691 692 693 694 695 696 697 |
@ INSERT INTO private SELECT rid FROM blob WHERE content IS NULL;
@ </pre></blockquote>
@ </p>
table_of_public_phantoms();
@ </li>
}
@ <li><p>
| > > > > | < | < < > | 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 |
@ INSERT INTO private SELECT rid FROM blob WHERE content IS NULL;
@ </pre></blockquote>
@ </p>
table_of_public_phantoms();
@ </li>
}
blob_init(&cmd, 0, 0);
for(i=0; g.argvOrig[i]!=0; i++){
blob_append_escaped_arg(&cmd, g.argvOrig[i], 0);
}
@ <li><p>
@ The command that generated this page:
@ <blockquote>
@ <tt>%h(blob_str(&cmd))</tt>
@ </blockquote></li>
blob_zero(&cmd);
@ </ol>
style_finish_page();
}
/*
** WEBPAGE: takeitprivate
|
| ︙ | ︙ |
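Review bot: The loop `for(i=0; g.argvOrig[i]!=0; i++)` dereferences `g.argvOrig` without a NULL check, and this page only shows it being assigned in the argument-expansion code of src/main.c; if any entry path reaches this page without running that code, the audit page would crash instead of rendering. A guard such as `if( g.argvOrig ){ ... }` around the loop and the `<li>` block would keep the rest of the page usable. The output handling looks right as written: each argument goes through `blob_append_escaped_arg()`, the result is emitted with `%h`, and the function checks `g.perm.Admin` near its top, which matters because a command line can carry paths or option values that should not be shown to non-admins. The new `Blob cmd;` is the only declaration in that list without a trailing comment, for example `/* Command line that launched this process */`. The enclosing function starts outside the visible hunks.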