From c1dd71df701a7db56cdcb847aecac2bc8ecb47a6 Mon Sep 17 00:00:00 2001
From: Sven Strickroth
Date: Fri, 19 Oct 2018 21:35:02 +0200
Subject: [PATCH] Add security note for hook scripts from within the repository

Signed-off-by: Sven Strickroth
---
 Languages/Tortoise.pot | 4 ++++
 doc/source/en/TortoiseGit/tgit_dug/dug_settings_hooks.xml | 8 +++++++-
 src/Resources/TortoiseProcENG.rc | 2 ++
 src/TortoiseProc/resource.h | 1 +
 src/Utils/Hooks.cpp | 1 +
 5 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/Languages/Tortoise.pot b/Languages/Tortoise.pot
index 885eb3379..43891c5f4 100644
--- a/Languages/Tortoise.pot
+++ b/Languages/Tortoise.pot
@@ -5265,6 +5265,10 @@ msgstr ""
 msgid "If this is enabled, no value is stored or overwritten at this config level."
 msgstr ""
 
+#. Resource IDs: (IDS_HOOKS_APPROVE_SECURITYHINT)
+msgid "If you are executing a versioned file from the repository, please note that the content possibly have been altered by third parties unnoticed (e.g. after pull or merge). Keep this in mind especially if you approve a repository hook permanently."
+msgstr ""
+
 #. Resource IDs: (Dialog IDD_CREATEREPO: Control id 1654)
 msgid "If you plan to work inside this folder, leave this unchecked. Typically a bare repo can only have changes 'pushed' to it. (By convention, a bare repo folder should have a name that ends with '.git')"
 msgstr ""
diff --git a/doc/source/en/TortoiseGit/tgit_dug/dug_settings_hooks.xml b/doc/source/en/TortoiseGit/tgit_dug/dug_settings_hooks.xml
index 677fd6892..01f73ce3e 100644
--- a/doc/source/en/TortoiseGit/tgit_dug/dug_settings_hooks.xml
+++ b/doc/source/en/TortoiseGit/tgit_dug/dug_settings_hooks.xml
@@ -115,7 +115,7 @@ In this case, you can specify paths for the command line with the replacement string %root% for the path to the working tree folder. The hook script has to be inside the repository and
- also be checked out of course.
+ also be checked out of course (please also note the security implications below).
 Next you must specify the command line to execute, starting with the path
@@ -258,6 +258,12 @@ Normally you will want to hide ugly DOS boxes when the script runs, so Hide the script while running is checked by default.
+
+
+ If you are executing a versioned file/script from the repository, please note that the file possibly
+ gets altered by third parties unnoticed (e.g. after pull or merge).
+
+
 Issue Tracker Integration
diff --git a/src/Resources/TortoiseProcENG.rc b/src/Resources/TortoiseProcENG.rc
index 871e28c04..c9cf1d842 100644
--- a/src/Resources/TortoiseProcENG.rc
+++ b/src/Resources/TortoiseProcENG.rc
@@ -3548,6 +3548,8 @@ BEGIN
 IDS_PROC_EXPORT_2 "Export unversioned files too"
 IDS_PROC_EXPORT_3 "Exporting..."
 IDS_SELECT "Select"
+ IDS_HOOKS_APPROVE_SECURITYHINT
+ "If you are executing a versioned file from the repository, please note that the content possibly have been altered by third parties unnoticed (e.g. after pull or merge). Keep this in mind especially if you approve a repository hook permanently."
 END
 
 STRINGTABLE
diff --git a/src/TortoiseProc/resource.h b/src/TortoiseProc/resource.h
index 7ed53f51b..37647295d 100644
--- a/src/TortoiseProc/resource.h
+++ b/src/TortoiseProc/resource.h
@@ -601,6 +601,7 @@
 #define IDC_SKIPPER 1261
 #define IDC_SKIPPERLABEL 1262
 #define IDS_SELECT 1262
+#define IDS_HOOKS_APPROVE_SECURITYHINT 1263
 #define IDS_PROC_SETTINGS_TITLE 1264
 #define IDC_SHOWIGNORED 1264
 #define IDC_AUTHORSCASESENSITIVE 1265
diff --git a/src/Utils/Hooks.cpp b/src/Utils/Hooks.cpp
index 8104cabdc..5edfe0769 100644
--- a/src/Utils/Hooks.cpp
+++ b/src/Utils/Hooks.cpp
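Review bot: The new IDS_HOOKS_APPROVE_SECURITYHINT string is user-facing and the phrase `the content possibly have been altered` is ungrammatical, which weakens a warning that is meant to be read carefully. Suggest `"If you are executing a versioned file from the repository, please note that its content may have been altered by third parties without notice (e.g. after a pull or merge). Keep this in mind especially if you approve a repository hook permanently."`. The identical text in Languages/Tortoise.pot is generated from this resource and would pick up the corrected wording. The STRINGTABLE this entry belongs to begins outside the hunk.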
@@ -683,6 +683,7 @@ bool CHooks::ApproveHook(HWND hWnd, hookiterator it)
 taskdlg.SetVerificationCheckbox(false);
 taskdlg.SetDefaultCommandControl(2);
 taskdlg.SetMainIcon(TD_WARNING_ICON);
+ taskdlg.SetFooterText(CString(MAKEINTRESOURCE(IDS_HOOKS_APPROVE_SECURITYHINT)));
 bApproved = taskdlg.DoModal(hWnd) == 1;
 bDoNotAskAgain = !!taskdlg.GetVerificationCheckboxState();
 
-- 
2.11.4.GIT
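Review bot: The added footer informs the user but does not change what a permanent approval protects against: once `bDoNotAskAgain` is set on the line below the new call, the hook keeps running under the earlier approval even if the checked-out script it points at changes on a later pull or merge, which is exactly the case the footer text describes. If the stored approval is keyed by the hook entry rather than by the script's content (the storage code is outside this hunk, so this is inferred), consider recording a hash of the resolved script when the user approves permanently and routing back through this dialog when the hash no longer matches. A short comment above the new line, `// Footer: a permanently approved repository script can change on pull/merge`, would tie the hint to the verification checkbox handled below. ApproveHook's body continues outside the hunk on both sides.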