]> Kevux Git Server - rit/commit
sideband: add options to allow more control sequences to be passed through
authorJohannes Schindelin <johannes.schindelin@gmx.de>
Thu, 5 Mar 2026 23:34:49 +0000 (15:34 -0800)
committerJunio C Hamano <gitster@pobox.com>
Fri, 6 Mar 2026 21:52:28 +0000 (13:52 -0800)
commit128914438a0d2d55ae34314a0881f55a797024d5
treec8d6585b9182da48504e2fab0e3ef0039456f5e7
parent12f0fda905b4af3a15c125f96808e49ddbe39742
sideband: add options to allow more control sequences to be passed through

Even though control sequences that erase characters are quite juicy for
attack scenarios, where attackers are eager to hide traces of suspicious
activities, during the review of the side band sanitizing patch series
concerns were raised that there might be some legimitate scenarios where
Git server's `pre-receive` hooks use those sequences in a benign way.

Control sequences to move the cursor can likewise be used to hide tracks
by overwriting characters, and have been equally pointed out as having
legitimate users.

Let's add options to let users opt into passing through those ANSI
Escape sequences: `sideband.allowControlCharacters` now supports also
`cursor` and `erase`, and it parses the value as a comma-separated list.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/config/sideband.adoc
sideband.c
t/t5409-colorize-remote-messages.sh