Fossil

Check-in [97cac02b8a]
Login
Home Timeline Docs Branches Tickets Wiki DownloadMore...

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Show the age of phantoms. Provide text hints on how to deal with phantoms on the /secaudit0 page.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 97cac02b8a1a4cd75d43c7f8350d1f6646af6886d40d3b9b10c92499022ef842
User & Date: drh 2020-11-12 14:25:33.270
Context
2020-11-12
14:26
Add new --attribute option to the 'fossil import --git' command that enables attributing commits to a username rather than the corresponding Git committer/author contact info of a given commit. Conversely, construct a full 'user <emailaddr>' Git committer string for commits when using 'fossil git export' by querying the new 'fx_git' table if it exists, or the 'info' column in the 'user' table. If no user specified emailaddr can be parsed, then use the generic 'user@noemail.net' string. check-in: cd4fbdee00 user: jamsek tags: trunk
14:25
Show the age of phantoms. Provide text hints on how to deal with phantoms on the /secaudit0 page. check-in: 97cac02b8a user: drh tags: trunk
11:54
Fix the page title for the /file method without a ci= query parameter. check-in: cf72fc18e7 user: drh tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/name.c. 
1414
1415
1416
1417
1418
1419
1420

1421
1422
1423
1424
1425
1426


1427
1428

1429
1430
1431
1432
1433
1434
1435

1436
1437
1438
1439




1440
1441



1442
1443
1444
1445
1446
1447
1448


/*
** Output HTML that shows a table of all public phantoms.
*/
void table_of_public_phantoms(void){
  Stmt q;
  char *zRange;

  zRange = mprintf("IN (SELECT rid FROM phantom EXCEPT"
                   " SELECT rid FROM private)");
  describe_artifacts(zRange);
  fossil_free(zRange);
  db_prepare(&q,
    "SELECT rid, uuid, summary, ref"


    "  FROM description ORDER BY rid"
  );

  @ <table cellpadding="2" cellspacing="0" border="1">
  @ <tr><th>RID<th>Description<th>Source
  while( db_step(&q)==SQLITE_ROW ){
    int rid = db_column_int(&q,0);
    const char *zUuid = db_column_text(&q, 1);
    const char *zDesc = db_column_text(&q, 2);
    const char *zRef = db_column_text(&q,3);

    @ <tr><td valign="top">%d(rid)</td>
    @ <td valign="top" align="left">%h(zUuid)<br>%h(zDesc)</td>
    if( zRef && zRef[0] ){
      @ <td valign="top">%z(href("%R/info/%!S",zRef))%!S(zRef)</a>




    }else{
      @ <td>&nbsp;



    }
    @ </tr>
  }
  @ </table>
  db_finalize(&q);
}









>





|
>
>


>

|





>




>
>
>
>
|
|
>
>
>








1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460


/*
** Output HTML that shows a table of all public phantoms.
*/
void table_of_public_phantoms(void){
  Stmt q;
  char *zRange;
  double rNow;
  zRange = mprintf("IN (SELECT rid FROM phantom EXCEPT"
                   " SELECT rid FROM private)");
  describe_artifacts(zRange);
  fossil_free(zRange);
  db_prepare(&q,
    "SELECT rid, uuid, summary, ref,"
    "  (SELECT mtime FROM blob, rcvfrom"
    "    WHERE blob.uuid=ref AND rcvfrom.rcvid=blob.rcvid)"
    "  FROM description ORDER BY rid"
  );
  rNow = db_double(0.0, "SELECT julianday('now')");
  @ <table cellpadding="2" cellspacing="0" border="1">
  @ <tr><th>RID<th>Description<th>Source<th>Age
  while( db_step(&q)==SQLITE_ROW ){
    int rid = db_column_int(&q,0);
    const char *zUuid = db_column_text(&q, 1);
    const char *zDesc = db_column_text(&q, 2);
    const char *zRef = db_column_text(&q,3);
    double mtime = db_column_double(&q,4);
    @ <tr><td valign="top">%d(rid)</td>
    @ <td valign="top" align="left">%h(zUuid)<br>%h(zDesc)</td>
    if( zRef && zRef[0] ){
      @ <td valign="top">%z(href("%R/info/%!S",zRef))%!S(zRef)</a>
      if( mtime>0 ){
        char *zAge = human_readable_age(rNow - mtime);
        @ <td valign="top">%h(zAge)
        fossil_free(zAge);
      }else{
        @ <td>&nbsp;
      }
    }else{
      @ <td>&nbsp;<td>&nbsp;
    }
    @ </tr>
  }
  @ </table>
  db_finalize(&q);
}
Changes to src/security_audit.c. 
577
578
579
580
581
582
583






584
585
586
587
588
589
590

    @ <li><p>\
    @ There exists public phantom artifacts in this repository, shown below.
    @ Phantom artifacts are artifacts whose hash name is referenced by some
    @ other artifact but whose content is unknown.  Some phantoms are marked
    @ private and those are ignored.  But public phantoms cause unnecessary
    @ sync traffic and might represent malicious attempts to corrupt the
    @ repository structure.






    @ </p>
    table_of_public_phantoms();
    @ </li>
  }

  @ </ol>
  style_finish_page("secaudit");








>
>
>
>
>
>








577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596

    @ <li><p>\
    @ There exists public phantom artifacts in this repository, shown below.
    @ Phantom artifacts are artifacts whose hash name is referenced by some
    @ other artifact but whose content is unknown.  Some phantoms are marked
    @ private and those are ignored.  But public phantoms cause unnecessary
    @ sync traffic and might represent malicious attempts to corrupt the
    @ repository structure.
    @ </p><p>
    @ To suppress unnecessary sync traffic caused by phantoms, add the RID
    @ of each phantom to the "private" table.  Example:
    @ <blockquote><pre>
    @    INSERT INTO private SELECT rid FROM blob WHERE content IS NULL;
    @ </pre></blockquote>
    @ </p>
    table_of_public_phantoms();
    @ </li>
  }

  @ </ol>
  style_finish_page("secaudit");
This page was generated in about 0.019s by Fossil 2.26 [1205ec86cb] 2025-04-30 16:57:32