Enum ArgumentSafety

pub enum ArgumentSafety<'a> {
    Absent,
    Usable(&'a str),
    Dangerous(&'a str),
}

Classification of a portion of a URL by whether it is syntactically safe to pass as an argument to a command-line program.

Various parts of URLs can be specified to begin with -. If they are used as options to a command-line application such as an SSH client, they will be treated as options rather than as non-option arguments as the developer intended. This is a security risk, because URLs are not always trusted and can often be composed or influenced by an attacker. See https://secure.phabricator.com/T12961 for details.

Security Warning

This type only expresses known syntactic risk. It does not cover other risks, such as passing a personal access token as a username rather than a password in an application that logs usernames.

Variants

Absent

May be safe. There is nothing to pass, so there is nothing dangerous.

Usable(&'a str)

May be safe. The argument does not begin with a - and so will not be confused as an option.

Dangerous(&'a str)

Dangerous! Begins with - and could be treated as an option. Use the value in error messages only.

Trait Implementations

impl<'a> Clone for ArgumentSafety<'a>

fn clone(&self) -> ArgumentSafety<'a>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for ArgumentSafety<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> PartialEq for ArgumentSafety<'a>

fn eq(&self, other: &ArgumentSafety<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<'a> Copy for ArgumentSafety<'a>

impl<'a> Eq for ArgumentSafety<'a>

impl<'a> StructuralPartialEq for ArgumentSafety<'a>