Gitosis Arguments to command look dangerous

Dealing with non-English languages, you might come across a couple of issues caused by special characters. Even gitosis has its limitations in this area. One of the error messages caused by special characters is: “Arguments to command look dangerous”.

When a repository is configured with special characters in the name, the first indication of a problem is given while pushing the repository configuration to gitosis-admin.

Counting objects: 3, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 364 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: WARNING:gitosis.gitweb.set_descriptions:Cannot find 'TEST_WithSpeci\xc3\xa4lLetters' in '/home/git/repositories'
To ssh://git@git.example.com/gitosis-admin.git
   b72bed2..9ce7c6c  master -> master

The classification WARNING is misleading in the same way as it is in Gitosis Unsafe SSH username in keyfile: it describes an error situation rather than a warning. If this error is ignored, any attempt to push to this repository will fail as well, with the following error message, this time classified as an ERROR.

ERROR:gitosis.serve.main:Arguments to command look dangerous
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Analysing the root cause of this error leads to the source code of gitosis. In the same way as in Gitosis Unsafe SSH username in keyfile, the source shows a regular expression (regex) for validating the repository name. For the repository name, the regex is found in the /usr/lib/python2.6/site-packages/gitosis/serve.py file.

ALLOW_RE = re.compile("^'/*(?P<path>[a-zA-Z0-9][a-zA-Z0-9@._-]*(/[a-zA-Z0-9][a-zA-Z0-9@._-]*)*)'$")

This regex defines the allowed characters for the repository name, and it does not permit any special characters. Apart from the possibility that special characters may cause problems in other places as well, gitosis simply does not support them.
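
The check can be run against gitosis.conf before the configuration is pushed, so that a name the regex refuses is caught early. The following is an added example and not part of gitosis: the function names and the sample configuration are constructed for illustration, and only ALLOW_RE is taken from serve.py.

```python
import configparser
import re

# Regex as found in gitosis/serve.py; the path arrives wrapped in single quotes.
ALLOW_RE = re.compile(
    "^'/*(?P<path>[a-zA-Z0-9][a-zA-Z0-9@._-]*(/[a-zA-Z0-9][a-zA-Z0-9@._-]*)*)'$")

def repo_names(conf_text):
    """Collect repository names from [repo NAME] sections and group ACL lists."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    names = []
    for section in cp.sections():
        kind, _, rest = section.partition(" ")
        if kind == "repo" and rest:
            names.append(rest.strip())
        elif kind == "group":
            for opt in ("writable", "readonly"):
                if cp.has_option(section, opt):
                    names.extend(cp.get(section, opt).split())
    return sorted(set(names))

def rejected(names):
    """Map each name the regex refuses to the characters outside the allowed set.
    An empty list means every character is allowed but its position is not
    (each path segment must start with a letter or digit)."""
    bad = {}
    for name in names:
        if ALLOW_RE.match("'%s'" % name) is None:
            bad[name] = sorted(set(re.findall(r"[^a-zA-Z0-9@._/-]", name)))
    return bad

# Constructed sample configuration (hypothetical groups and repositories).
# \u00e4 is the umlaut from the repository name in the warning above.
SAMPLE_CONF = """
[gitosis]

[group developers]
members = alice bob
writable = project-one TEST_WithSpeci\u00e4lLetters

[repo docs/.hidden]
description = constructed example
"""

if __name__ == "__main__":
    for name, chars in rejected(repo_names(SAMPLE_CONF)).items():
        print("rejected: %r offending characters: %s" % (name, chars))
```
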

