diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e79c8eb34..f34f201dc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -30,7 +30,9 @@ jobs:
 build:
 name: Build Project
 runs-on: windows-latest
-
+ permissions:
+ contents: write
+ discussions: write
 steps:
 - name: Check out repository code (Action from GitHub)
 uses: actions/checkout@v3
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index bca11e9f2..1be97934e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -3,20 +3,25 @@ # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# + name: "CodeQL" on: push: branches: [ "master" ] + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '.github/**' + - '**/.gitignore' pull_request: # The branches below must be a subset of the branches above branches: [ "master" ] + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '.github/**' + - '**/.gitignore' schedule: - cron: '30 19 * * 0'
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index ed34599dc..c2d64cfc9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -4,9 +4,19 @@ on: push: branches: - master + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '.github/**' + - '**/.gitignore' pull_request: branches: - master + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '.github/**' + - '**/.gitignore' defaults: run:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..8a8128d5d
--- /dev/null
+++ b/SECURITY.md
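Review bot: The new `permissions:` block in build.yml hands the job's GITHUB_TOKEN `contents: write` and `discussions: write`, but the only step visible in the hunk is a checkout, so confirm that a later step in this job really publishes a release or discussion; a job-level grant applies to every step in the job, including any third-party action it runs. Keeping the grant on the job rather than at workflow level, as done here, is the right scope. With a write-capable token in play, pinning `actions/checkout@v3` to a full commit SHA instead of a mutable tag is also worth doing. The job definition continues outside the hunk.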
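Review bot: The `'.github/**'` entry in the new `paths-ignore` lists of codeql.yml excludes the workflow files themselves, so a commit that only edits codeql.yml or tests.yml (the tests.yml hunk adds the same list) will not trigger the run that would validate that edit; consider narrowing it so `.github/workflows/**` still triggers, at least for tests.yml. If the CodeQL or Tests job is a required status check, a pull request touching only ignored paths will also never report a status and will sit blocked; GitHub's guidance for that situation is to keep the `push` and `pull_request` filters identical, which this commit does.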
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.3.x | :white_check_mark: |
+| < 1.3 | ❎ |
+
+## Reporting a Vulnerability
+
+If you discover a security issue in our project, please report it to [MartiUK](https://github.com/MartiUK). We will acknowledge your email within 24 hours and provide a more detailed response within 48 hours. We will try to fix the issue as soon as possible and inform you when a new version is released.
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+- The nature of the issue
+- The affected source file(s) with full paths
+- The location of the vulnerable code (tag/branch/commit or direct URL)
+- Any special configuration needed to reproduce the issue
+- Detailed steps to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- The impact of the issue, including how an attacker could exploit it
+
+Please do not disclose the vulnerability publicly until we have resolved it.
diff --git a/appveyor.yml b/appveyor.yml
deleted file mode 100644
index 968a381f5..000000000
--- a/appveyor.yml
+++ /dev/null
@@ -1,60 +0,0 @@ -#---------------------------------# -# general configuration # -#---------------------------------# - -version: 1.0.{build}-{branch} - -# branches to build -branches: - # blacklist - except: - - gh-pages - -#---------------------------------# -# environment configuration # -#---------------------------------# - -# Operating system (build VM template) -os: Visual Studio 2022 - -#---------------------------------# -# build configuration # -#---------------------------------# - -build_script: - - ps: cd scripts; .\build.ps1 -Compile -verbose - -after_build: - - ps: .\pack.ps1 -verbose - -# Disable test search, since we don't have any. -test: off - -#---------------------------------# -# artifacts # -#---------------------------------# - -artifacts: - - path: build\cmder.zip - name: cmderzip - - - path: build\cmder.7z - name: cmder7z - - - path: build\cmder_mini.zip - name: cmdermini - - - path: build\hashes.txt - name: hashes - -#---------------------------------# -# notifications # -#---------------------------------# - -notifications: - # Webhook - - provider: Webhook - url: https://webhooks.gitter.im/e/d673abb1b2e659dcd625 - on_build_success: true - on_build_failure: true - on_build_status_changed: true diff --git a/vendor/clink.lua b/vendor/clink.lua index 83ef0c042..0593ae135 100644 --- a/vendor/clink.lua +++ b/vendor/clink.lua 
@@ -51,11 +51,37 @@ local function get_unknown_color() end --- --- Makes a string safe to use as the replacement in string.gsub +-- Escapes special characters in a string.gsub `find` parameter, so that it +-- can be matched as a literal plain text string, i.e. disable Lua pattern +-- matching. See "Patterns" (https://www.lua.org/manual/5.2/manual.html#6.4.1). +-- @param {string} text Text to escape +-- @returns {string} Escaped text --- -local function verbatim(s) - s = string.gsub(s, "%%", "%%%%") - return s +local function escape_gsub_find_arg(text) + return text and text:gsub("([-+*?.%%()%[%]$^])", "%%%1") or "" +end + +--- +-- Escapes special characters in a string.gsub `replace` parameter, so that it +-- can be replaced as a literal plain text string, i.e. disable Lua pattern +-- matching. See "Patterns" (https://www.lua.org/manual/5.2/manual.html#6.4.1). +-- @param {string} text Text to escape +-- @returns {string} Escaped text +--- +local function escape_gsub_replace_arg(text) + return text and text:gsub("%%", "%%%%") or "" +end + +--- +-- Perform string.sub, but disable Lua pattern matching and just treat both +-- the `find` and `replace` parameters as a literal plain text replacement. +-- @param {string} str Text in which to perform find and replace +-- @param {string} find Text to find (plain text; not a Lua pattern) +-- @param {string} replace Replacement text (plain text; not a Lua pattern) +-- @returns {string} Copy of the input `str` with `find` replaced by `replace` +--- +local function gsub_plain(str, find, replace) + return string.gsub(str, escape_gsub_find_arg(find), escape_gsub_replace_arg(replace)) end -- Extracts only the folder name from the input Path @@ -153,7 +179,7 @@ local function set_prompt_filter() end if prompt_useHomeSymbol and string.find(cwd, clink.get_env("HOME")) then - cwd = string.gsub(cwd, clink.get_env("HOME"), prompt_homeSymbol) + cwd = gsub_plain(cwd, clink.get_env("HOME"), prompt_homeSymbol) end local uah = '' 
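Review bot: `escape_gsub_find_arg` turns a nil `text` into `""`, and an empty Lua pattern matches at every position, so `gsub_plain(str, nil, replace)` splices `replace` between every character of `str` instead of leaving it alone; add a guard at the top of `gsub_plain`, `if find == nil or find == "" then return str end`, or have the escaper return nil and let the caller decide. The doc block on `gsub_plain` says "Perform string.sub" where `string.gsub` is meant, and its `@returns` documents a single string although `string.gsub` also returns the match count; the callers in this commit assign to one variable so the count is dropped, but a caller forwarding the result as a trailing argument would leak it, which `return (string.gsub(...))` prevents. The `end` on the hunk's first line closes `get_unknown_color`, whose body is outside the hunk.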
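Review bot: The `string.find(cwd, clink.get_env("HOME"))` on the context line directly above the changed line still interprets the home path as a Lua pattern even though the replacement below it is now plain, so a home directory containing `(`, `)`, `-`, `+` or `%` can fail to match or raise a malformed-pattern error inside the prompt filter; pass the plain flag, `string.find(cwd, clink.get_env("HOME"), 1, true)`. set_prompt_filter starts and ends outside the hunk.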
@@ -176,14 +202,14 @@ local function set_prompt_filter() local version_control = prompt_includeVersionControl and "{git}{hg}{svn}" or "" local prompt = "{uah}{cwd}" .. version_control .. cr .. get_lamb_color() .. "{env}{lamb}\x1b[0m " - prompt = string.gsub(prompt, "{uah}", uah) - prompt = string.gsub(prompt, "{cwd}", cwd) - prompt = string.gsub(prompt, "{env}", env) - clink.prompt.value = string.gsub(prompt, "{lamb}", prompt_lambSymbol) + prompt = gsub_plain(prompt, "{uah}", uah) + prompt = gsub_plain(prompt, "{cwd}", cwd) + prompt = gsub_plain(prompt, "{env}", env) + clink.prompt.value = gsub_plain(prompt, "{lamb}", prompt_lambSymbol) end local function percent_prompt_filter() - clink.prompt.value = string.gsub(clink.prompt.value, "{percent}", "%%") + clink.prompt.value = gsub_plain(clink.prompt.value, "{percent}", "%") end --- @@ -532,13 +558,13 @@ local function git_prompt_filter() color = colors.conflict end - clink.prompt.value = string.gsub(clink.prompt.value, "{git}", " "..color.."("..verbatim(branch)..")") + clink.prompt.value = gsub_plain(clink.prompt.value, "{git}", " "..color.."("..branch..")") return false end end -- No git present or not in git file - clink.prompt.value = string.gsub(clink.prompt.value, "{git}", "") + clink.prompt.value = gsub_plain(clink.prompt.value, "{git}", "") return false end @@ -577,13 +603,13 @@ local function hg_prompt_filter() end local result = color .. "(" .. branch .. ")" - clink.prompt.value = string.gsub(clink.prompt.value, "{hg}", " "..verbatim(result)) + clink.prompt.value = gsub_plain(clink.prompt.value, "{hg}", " "..result) return false end end -- No hg present or not in hg repo - clink.prompt.value = string.gsub(clink.prompt.value, "{hg}", "") + clink.prompt.value = gsub_plain(clink.prompt.value, "{hg}", "") end local function svn_prompt_filter() 
@@ -636,13 +662,13 @@ local function svn_prompt_filter() color = colors.dirty end - clink.prompt.value = string.gsub(clink.prompt.value, "{svn}", " "..color.."("..verbatim(branch)..")") + clink.prompt.value = gsub_plain(clink.prompt.value, "{svn}", " "..color.."("..branch..")") return false end end -- No svn present or not in svn file - clink.prompt.value = string.gsub(clink.prompt.value, "{svn}", "") + clink.prompt.value = gsub_plain(clink.prompt.value, "{svn}", "") return false end
diff --git a/vendor/sources.json b/vendor/sources.json
index 0bd8563db..7ae42a95e 100644
--- a/vendor/sources.json
+++ b/vendor/sources.json
@@ -1,22 +1,22 @@
 [
 {
 "name": "git-for-windows",
- "version": "2.40.1.windows.1",
- "url": "https://github.com/git-for-windows/git/releases/download/v2.40.1.windows.1/PortableGit-2.40.1-64-bit.7z.exe"
+ "version": "2.41.0.windows.3",
+ "url": "https://github.com/git-for-windows/git/releases/download/v2.41.0.windows.3/PortableGit-2.41.0.3-64-bit.7z.exe"
 },
 {
 "name": "clink",
- "version": "1.4.24",
- "url": "https://github.com/chrisant996/clink/releases/download/v1.4.24/clink.1.4.24.688975.zip"
+ "version": "1.5.1",
+ "url": "https://github.com/chrisant996/clink/releases/download/v1.5.1/clink.1.5.1.1e9e51.zip"
 },
 {
 "name": "conemu-maximus5",
- "version": "22.12.18",
- "url": "https://github.com/Maximus5/ConEmu/releases/download/v22.12.18/ConEmuPack.221218.7z"
+ "version": "23.07.24",
+ "url": "https://github.com/Maximus5/ConEmu/releases/download/v23.07.24/ConEmuPack.230724.7z"
 },
 {
 "name": "clink-completions",
- "version": "0.4.8",
- "url": "https://github.com/vladimir-kotikov/clink-completions/archive/v0.4.8.zip"
+ "version": "0.4.10",
+ "url": "https://github.com/vladimir-kotikov/clink-completions/archive/v0.4.10.zip"
 }
 ]