pktline

package
v1.77.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2020 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Data

func Data(pkt []byte) []byte

Data returns the packet pkt without its length header. The length header is not validated. Returns an empty slice when pkt is a magic packet such as '0000'.

func IsFlush

func IsFlush(pkt []byte) bool

IsFlush detects the special flush packet '0000'

func NewScanner

func NewScanner(r io.Reader) *bufio.Scanner

NewScanner returns a bufio.Scanner that splits on Git pktline boundaries

func PktDone added in v1.65.2

func PktDone() []byte

PktDone returns the bytes for a "done" packet.

func PktFlush added in v1.65.2

func PktFlush() []byte

PktFlush returns the bytes for a "flush" packet.

func WriteDelim added in v0.125.0

func WriteDelim(w io.Writer) error

WriteDelim writes a pkt delim packet.

func WriteFlush

func WriteFlush(w io.Writer) error

WriteFlush writes a pkt flush packet.

func WriteString

func WriteString(w io.Writer, str string) (int, error)

WriteString writes a string with pkt-line framing

Types

type ReadMonitor added in v1.65.2

type ReadMonitor struct {
	// contains filtered or unexported fields
}

ReadMonitor monitors an io.Reader, waiting for a specified packet. If the packet doesn't come within a timeout, a cancel function is called. This can be used to place a timeout on the *negotiation* phase of some git commands, aborting them if it is exceeded.

This timeout prevents a class of "use-after-check" security issue when the access check for a git command is run before the command itself. The user has control of stdin for the git command, and if they can delay input for an arbitrarily long time, they can gain access days or weeks after the access check has completed.

This approach is better than placing a timeout on the overall git operation because there is a conflict between mitigating the use-after-check with a short timeout, and allowing long-lived git operations to complete. The negotiation phase is a small proportion of the time taken for a large git fetch, for instance, so tighter limits can be placed on it, leading to a better mitigation.

func NewReadMonitor added in v1.65.2

func NewReadMonitor(ctx context.Context, r io.Reader) (*os.File, *ReadMonitor, error)

NewReadMonitor wraps the provided reader with an os.Pipe(), returning the read end for onward use.

Call Monitor(pkt, timeout, cancelFn) to start streaming from the reader to to the pipe. The stream will be monitored for a pktline-formatted packet matching pkt. If it isn't seen within the timeout, cancelFn will be called.

Resources will be freed when the context is done, but you should close the returned *os.File earlier if possible.

func (*ReadMonitor) Monitor added in v1.65.2

func (m *ReadMonitor) Monitor(pkt []byte, timeout time.Duration, cancelFn func())

Monitor should be called at most once. It scans the stream, looking for the specified packet, and will call cancelFn if it isn't seen within the timeout

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL