Merge remote-tracking branch 'upstream/master' into more_speed_2

Dax T. Games 2023-07-28 09:53:34 -04:00
commit 9b446b31d5
4 changed files with 87 additions and 22 deletions


@ -3,20 +3,25 @@
# #
# You may wish to alter this file to override the set of languages analyzed, # You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic. # or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL" name: "CodeQL"
on: on:
push: push:
branches: [ "master" ] branches: [ "master" ]
paths-ignore:
- '**/*.md'
- '**/*.txt'
- '.github/**'
- '**/.gitignore'
pull_request: pull_request:
# The branches below must be a subset of the branches above # The branches below must be a subset of the branches above
branches: [ "master" ] branches: [ "master" ]
paths-ignore:
- '**/*.md'
- '**/*.txt'
- '.github/**'
- '**/.gitignore'
schedule: schedule:
- cron: '30 19 * * 0' - cron: '30 19 * * 0'
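Review bot: The `paths-ignore` list added under `push:` in this CodeQL workflow can leave the default branch without a fresh analysis whenever a push touches only ignored paths. GitHub's code-scanning guidance advises against `paths`/`paths-ignore` on `on: push` for that reason, because pull-request results are compared against the last analysis of the base branch. Keeping the filter under `pull_request:` only and dropping it from `push:` preserves that baseline. The `'.github/**'` entry also means a change that touches only workflow files triggers neither this scan nor, with the same list in the other workflow section of this commit, that workflow's run, so such edits can merge without CI having exercised them; consider removing or narrowing that entry.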


@ -4,9 +4,19 @@ on:
push: push:
branches: branches:
- master - master
paths-ignore:
- '**/*.md'
- '**/*.txt'
- '.github/**'
- '**/.gitignore'
pull_request: pull_request:
branches: branches:
- master - master
paths-ignore:
- '**/*.md'
- '**/*.txt'
- '.github/**'
- '**/.gitignore'
defaults: defaults:
run: run:

24
SECURITY.md Normal file

@ -0,0 +1,24 @@
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 1.3.x | :white_check_mark: |
| < 1.3 | |
## Reporting a Vulnerability
If you discover a security issue in our project, please report it to [MartiUK](https://github.com/MartiUK). We will acknowledge your email within 24 hours and provide a more detailed response within 48 hours. We will try to fix the issue as soon as possible and inform you when a new version is released.
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
- The nature of the issue
- The affected source file(s) with full paths
- The location of the vulnerable code (tag/branch/commit or direct URL)
- Any special configuration needed to reproduce the issue
- Detailed steps to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- The impact of the issue, including how an attacker could exploit it
Please do not disclose the vulnerability publicly until we have resolved it.

58
vendor/clink.lua vendored

@ -51,11 +51,37 @@ local function get_unknown_color()
end end
--- ---
-- Makes a string safe to use as the replacement in string.gsub -- Escapes special characters in a string.gsub `find` parameter, so that it
-- can be matched as a literal plain text string, i.e. disable Lua pattern
-- matching. See "Patterns" (https://www.lua.org/manual/5.2/manual.html#6.4.1).
-- @param {string} text Text to escape
-- @returns {string} Escaped text
--- ---
local function verbatim(s) local function escape_gsub_find_arg(text)
s = string.gsub(s, "%%", "%%%%") return text and text:gsub("([-+*?.%%()%[%]$^])", "%%%1") or ""
return s end
---
-- Escapes special characters in a string.gsub `replace` parameter, so that it
-- can be replaced as a literal plain text string, i.e. disable Lua pattern
-- matching. See "Patterns" (https://www.lua.org/manual/5.2/manual.html#6.4.1).
-- @param {string} text Text to escape
-- @returns {string} Escaped text
---
local function escape_gsub_replace_arg(text)
return text and text:gsub("%%", "%%%%") or ""
end
---
-- Perform string.sub, but disable Lua pattern matching and just treat both
-- the `find` and `replace` parameters as a literal plain text replacement.
-- @param {string} str Text in which to perform find and replace
-- @param {string} find Text to find (plain text; not a Lua pattern)
-- @param {string} replace Replacement text (plain text; not a Lua pattern)
-- @returns {string} Copy of the input `str` with `find` replaced by `replace`
---
local function gsub_plain(str, find, replace)
return string.gsub(str, escape_gsub_find_arg(find), escape_gsub_replace_arg(replace))
end end
-- Extracts only the folder name from the input Path -- Extracts only the folder name from the input Path
@ -153,7 +179,7 @@ local function set_prompt_filter()
end end
if prompt_useHomeSymbol and string.find(cwd, clink.get_env("HOME")) then if prompt_useHomeSymbol and string.find(cwd, clink.get_env("HOME")) then
cwd = string.gsub(cwd, clink.get_env("HOME"), prompt_homeSymbol) cwd = gsub_plain(cwd, clink.get_env("HOME"), prompt_homeSymbol)
end end
local uah = '' local uah = ''
@ -176,14 +202,14 @@ local function set_prompt_filter()
local version_control = prompt_includeVersionControl and "{git}{hg}{svn}" or "" local version_control = prompt_includeVersionControl and "{git}{hg}{svn}" or ""
local prompt = "{uah}{cwd}" .. version_control .. cr .. get_lamb_color() .. "{env}{lamb}\x1b[0m " local prompt = "{uah}{cwd}" .. version_control .. cr .. get_lamb_color() .. "{env}{lamb}\x1b[0m "
prompt = string.gsub(prompt, "{uah}", uah) prompt = gsub_plain(prompt, "{uah}", uah)
prompt = string.gsub(prompt, "{cwd}", cwd) prompt = gsub_plain(prompt, "{cwd}", cwd)
prompt = string.gsub(prompt, "{env}", env) prompt = gsub_plain(prompt, "{env}", env)
clink.prompt.value = string.gsub(prompt, "{lamb}", prompt_lambSymbol) clink.prompt.value = gsub_plain(prompt, "{lamb}", prompt_lambSymbol)
end end
local function percent_prompt_filter() local function percent_prompt_filter()
clink.prompt.value = string.gsub(clink.prompt.value, "{percent}", "%%") clink.prompt.value = gsub_plain(clink.prompt.value, "{percent}", "%")
end end
--- ---
@ -532,13 +558,13 @@ local function git_prompt_filter()
color = colors.conflict color = colors.conflict
end end
clink.prompt.value = string.gsub(clink.prompt.value, "{git}", " "..color.."("..verbatim(branch)..")") clink.prompt.value = gsub_plain(clink.prompt.value, "{git}", " "..color.."("..branch..")")
return false return false
end end
end end
-- No git present or not in git file -- No git present or not in git file
clink.prompt.value = string.gsub(clink.prompt.value, "{git}", "") clink.prompt.value = gsub_plain(clink.prompt.value, "{git}", "")
return false return false
end end
@ -577,13 +603,13 @@ local function hg_prompt_filter()
end end
local result = color .. "(" .. branch .. ")" local result = color .. "(" .. branch .. ")"
clink.prompt.value = string.gsub(clink.prompt.value, "{hg}", " "..verbatim(result)) clink.prompt.value = gsub_plain(clink.prompt.value, "{hg}", " "..result)
return false return false
end end
end end
-- No hg present or not in hg repo -- No hg present or not in hg repo
clink.prompt.value = string.gsub(clink.prompt.value, "{hg}", "") clink.prompt.value = gsub_plain(clink.prompt.value, "{hg}", "")
end end
local function svn_prompt_filter() local function svn_prompt_filter()
@ -636,13 +662,13 @@ local function svn_prompt_filter()
color = colors.dirty color = colors.dirty
end end
clink.prompt.value = string.gsub(clink.prompt.value, "{svn}", " "..color.."("..verbatim(branch)..")") clink.prompt.value = gsub_plain(clink.prompt.value, "{svn}", " "..color.."("..branch..")")
return false return false
end end
end end
-- No svn present or not in svn file -- No svn present or not in svn file
clink.prompt.value = string.gsub(clink.prompt.value, "{svn}", "") clink.prompt.value = gsub_plain(clink.prompt.value, "{svn}", "")
return false return false
end end