]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c4f9977)
managen: strict protocol check
authorDaniel Stenberg <daniel@haxx.se>
Mon, 22 Sep 2025 06:33:20 +0000 (08:33 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 22 Sep 2025 07:06:00 +0000 (09:06 +0200)
- protocols MUST match one in the accept-list
- protocols are typically all uppercase
- drop All
- use SCP and SFTP instead of SSH
- add Protocols: to some options previously missing one

Closes #18675

17 files changed:
docs/cmdline-opts/doh-cert-status.md patch | blob | blame | history
docs/cmdline-opts/doh-insecure.md patch | blob | blame | history
docs/cmdline-opts/doh-url.md patch | blob | blame | history
docs/cmdline-opts/follow.md patch | blob | blame | history
docs/cmdline-opts/form-escape.md patch | blob | blame | history
docs/cmdline-opts/ip-tos.md patch | blob | blame | history
docs/cmdline-opts/key.md patch | blob | blame | history
docs/cmdline-opts/pass.md patch | blob | blame | history
docs/cmdline-opts/sasl-authzid.md patch | blob | blame | history
docs/cmdline-opts/sasl-ir.md patch | blob | blame | history
docs/cmdline-opts/socks5-gssapi-nec.md patch | blob | blame | history
docs/cmdline-opts/socks5-gssapi.md patch | blob | blame | history
docs/cmdline-opts/telnet-option.md patch | blob | blame | history
docs/cmdline-opts/upload-flags.md patch | blob | blame | history
docs/cmdline-opts/url-query.md patch | blob | blame | history
docs/cmdline-opts/vlan-priority.md patch | blob | blame | history
scripts/managen patch | blob | blame | history

diff --git a/docs/cmdline-opts/doh-cert-status.md b/docs/cmdline-opts/doh-cert-status.md
index 7c497cf16f426a90d5df043ecccbdb6639f1ca60..445eb3dcd04c03d234fbb0d00e8bf9545ee0bb1c 100644 (file)
--- a/docs/cmdline-opts/doh-cert-status.md
+++ b/docs/cmdline-opts/doh-cert-status.md
@@ -5,6 +5,7 @@ Long: doh-cert-status
 Help: Verify DoH server cert status OCSP-staple
 Added: 7.76.0
 Category: dns tls
+Protocols: DNS
 Multi: boolean
 See-also:
   - doh-insecure
diff --git a/docs/cmdline-opts/doh-insecure.md b/docs/cmdline-opts/doh-insecure.md
index 72f3cb77252bb20784ca18b4dab2cba768ffacdc..ee1602a242fdfd43fba118a02b796813e4e76360 100644 (file)
--- a/docs/cmdline-opts/doh-insecure.md
+++ b/docs/cmdline-opts/doh-insecure.md
@@ -5,6 +5,7 @@ Long: doh-insecure
 Help: Allow insecure DoH server connections
 Added: 7.76.0
 Category: dns tls
+Protocols: DNS
 Multi: boolean
 See-also:
   - doh-url
diff --git a/docs/cmdline-opts/doh-url.md b/docs/cmdline-opts/doh-url.md
index dcc6e52f8a4f6a2062dca500dac59fbfb36217b0..60cf6caab01682175292aefb22cdbfef5813141e 100644 (file)
--- a/docs/cmdline-opts/doh-url.md
+++ b/docs/cmdline-opts/doh-url.md
@@ -6,6 +6,7 @@ Arg: <URL>
 Help: Resolve hostnames over DoH
 Added: 7.62.0
 Category: dns
+Protocols: DNS
 Multi: single
 See-also:
   - doh-insecure
diff --git a/docs/cmdline-opts/follow.md b/docs/cmdline-opts/follow.md
index 47d9128441808def2a303d44ab1b9eb22a01577f..e791e36adf34e2a380ef15b880daa127045d226f 100644 (file)
--- a/docs/cmdline-opts/follow.md
+++ b/docs/cmdline-opts/follow.md
@@ -4,6 +4,7 @@ SPDX-License-Identifier: curl
 Long: follow
 Help: Follow redirects per spec
 Category: http
+Protocols: HTTP
 Added: 8.16.0
 Multi: boolean
 See-also:
diff --git a/docs/cmdline-opts/form-escape.md b/docs/cmdline-opts/form-escape.md
index 0f93fde7eb26e3188bc5595d1e8aacfc8493e51a..7cf1cb7403db74e85332c314c3cddc36304aaf2f 100644 (file)
--- a/docs/cmdline-opts/form-escape.md
+++ b/docs/cmdline-opts/form-escape.md
@@ -3,7 +3,7 @@ c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: form-escape
 Help: Escape form fields using backslash
-Protocols: HTTP imap smtp
+Protocols: HTTP IMAP SMTP
 Added: 7.81.0
 Category: http upload post
 Multi: single
diff --git a/docs/cmdline-opts/ip-tos.md b/docs/cmdline-opts/ip-tos.md
index 3d6473f3128223d9f28502ae654046c61cd5088b..f5ef589e23548ee3bf25ea296f56b1bdde061ae4 100644 (file)
--- a/docs/cmdline-opts/ip-tos.md
+++ b/docs/cmdline-opts/ip-tos.md
@@ -6,7 +6,6 @@ Arg: <string>
 Help: Set IP Type of Service or Traffic Class
 Added: 8.9.0
 Category: connection
-Protocols: All
 Multi: single
 See-also:
   - tcp-nodelay
diff --git a/docs/cmdline-opts/key.md b/docs/cmdline-opts/key.md
index 967119a8b50eab1cffaa758bbf92299cb9af5b6b..cc4bc73fa5b32aeee3be0312f5f7c23825cb7055 100644 (file)
--- a/docs/cmdline-opts/key.md
+++ b/docs/cmdline-opts/key.md
@@ -3,7 +3,7 @@ c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: key
 Arg: <key>
-Protocols: TLS SSH
+Protocols: TLS SCP SFTP
 Help: Private key filename
 Category: tls ssh
 Added: 7.9.3
diff --git a/docs/cmdline-opts/pass.md b/docs/cmdline-opts/pass.md
index 0527334f2ab98039fd9c4b48a7f385375479b022..79c2f8738a13bd889f708f4b606f282fe6f7c7c4 100644 (file)
--- a/docs/cmdline-opts/pass.md
+++ b/docs/cmdline-opts/pass.md
@@ -4,7 +4,7 @@ SPDX-License-Identifier: curl
 Long: pass
 Arg: <phrase>
 Help: Passphrase for the private key
-Protocols: SSH TLS
+Protocols: TLS SCP SFTP
 Category: ssh tls auth
 Added: 7.9.3
 Multi: single
diff --git a/docs/cmdline-opts/sasl-authzid.md b/docs/cmdline-opts/sasl-authzid.md
index 4c4282d14dd3396dc21dcfd7b299aab44e465319..4e92a20541525f240f88b6b25874a48bb2ac6137 100644 (file)
--- a/docs/cmdline-opts/sasl-authzid.md
+++ b/docs/cmdline-opts/sasl-authzid.md
@@ -4,6 +4,7 @@ SPDX-License-Identifier: curl
 Long: sasl-authzid
 Arg: <identity>
 Help: Identity for SASL PLAIN authentication
+Protocols: LDAP IMAP POP3 SMTP
 Added: 7.66.0
 Category: auth
 Multi: single
diff --git a/docs/cmdline-opts/sasl-ir.md b/docs/cmdline-opts/sasl-ir.md
index 0f759c6d1005be9b52872aebba610e0b5a2955f4..206bf29317a82de6d5692835880e48229834e4a5 100644 (file)
--- a/docs/cmdline-opts/sasl-ir.md
+++ b/docs/cmdline-opts/sasl-ir.md
@@ -3,6 +3,7 @@ c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: sasl-ir
 Help: Initial response in SASL authentication
+Protocols: LDAP IMAP POP3 SMTP
 Added: 7.31.0
 Category: auth
 Multi: boolean
diff --git a/docs/cmdline-opts/socks5-gssapi-nec.md b/docs/cmdline-opts/socks5-gssapi-nec.md
index eef6b2de9df18b18c5fce08e6cb547edc1010c5b..9cd91b96150f61e8c6a03714e264e6e254af5614 100644 (file)
--- a/docs/cmdline-opts/socks5-gssapi-nec.md
+++ b/docs/cmdline-opts/socks5-gssapi-nec.md
@@ -5,6 +5,7 @@ Long: socks5-gssapi-nec
 Help: Compatibility with NEC SOCKS5 server
 Added: 7.19.4
 Category: proxy auth
+Protocols: GSS/kerberos
 Multi: boolean
 See-also:
   - socks5
diff --git a/docs/cmdline-opts/socks5-gssapi.md b/docs/cmdline-opts/socks5-gssapi.md
index e17425431b302f22214d34119b0ffae7ce492b58..b8520b22cc7254afc77ef242f52187be159d72f6 100644 (file)
--- a/docs/cmdline-opts/socks5-gssapi.md
+++ b/docs/cmdline-opts/socks5-gssapi.md
@@ -5,6 +5,7 @@ Long: socks5-gssapi
 Help: Enable GSS-API auth for SOCKS5 proxies
 Added: 7.55.0
 Category: proxy auth
+Protocols: GSS/kerberos
 Multi: boolean
 See-also:
   - socks5
diff --git a/docs/cmdline-opts/telnet-option.md b/docs/cmdline-opts/telnet-option.md
index a332b1a5cddb5a8da42a6b8cad6c6b2b94fd5640..ca82a4ceb8e5d7b08f232c5bbde1fd755adf888d 100644 (file)
--- a/docs/cmdline-opts/telnet-option.md
+++ b/docs/cmdline-opts/telnet-option.md
@@ -6,6 +6,7 @@ Short: t
 Arg: <opt=val>
 Help: Set telnet option
 Category: telnet
+Protocols: TELNET
 Added: 7.7
 Multi: append
 See-also:
diff --git a/docs/cmdline-opts/upload-flags.md b/docs/cmdline-opts/upload-flags.md
index e30fb3dbdb9f46c6533c47cee2daf877698a97ce..d1761487683663ceb5e91584c30846d840182de5 100644 (file)
--- a/docs/cmdline-opts/upload-flags.md
+++ b/docs/cmdline-opts/upload-flags.md
@@ -4,6 +4,7 @@ SPDX-License-Identifier: curl
 Long: upload-flags
 Arg: <flags>
 Help: IMAP upload behavior
+Protocols: IMAP
 Category: curl output
 Added: 8.13.0
 Multi: single
diff --git a/docs/cmdline-opts/url-query.md b/docs/cmdline-opts/url-query.md
index 43bf43d9325c5663d6c8af24982065193ff95c1f..3953eda4c72fc8547e52584602779e18bfb4f1ec 100644 (file)
--- a/docs/cmdline-opts/url-query.md
+++ b/docs/cmdline-opts/url-query.md
@@ -4,7 +4,6 @@ SPDX-License-Identifier: curl
 Long: url-query
 Arg: <data>
 Help: Add a URL query part
-Protocols: all
 Added: 7.87.0
 Category: http post upload
 Multi: append
diff --git a/docs/cmdline-opts/vlan-priority.md b/docs/cmdline-opts/vlan-priority.md
index 34dc8ce0661305d466eabe58cf07add7abb35aea..c49c659e5c46b0b26a03fc009370d274d6a72492 100644 (file)
--- a/docs/cmdline-opts/vlan-priority.md
+++ b/docs/cmdline-opts/vlan-priority.md
@@ -6,7 +6,6 @@ Arg: <priority>
 Help: Set VLAN priority
 Added: 8.9.0
 Category: connection
-Protocols: All
 Multi: single
 See-also:
   - ip-tos
diff --git a/scripts/managen b/scripts/managen
index 9290680670991b42ec5c3b4f5d4e52367c4f0e94..4849fe8378db1625164ac2e4fdaebe5939e6d2dd 100755 (executable)
--- a/scripts/managen
+++ b/scripts/managen
@@ -241,8 +241,38 @@ sub overrides {
     }
 }
 
+my %protexists = (
+    'DNS' => 1,
+    'FILE' => 1,
+    'FTP' => 1,
+    'FTPS' => 1,
+    'GSS/kerberos' => 1,
+    'HTTP' => 1,
+    'HTTPS' => 1,
+    'IMAP' => 1,
+    'IPFS' => 1,
+    'LDAP' => 1,
+    'MQTT' => 1,
+    'POP3' => 1,
+    'SCP' => 1,
+    'SFTP' => 1,
+    'SMTP' => 1,
+    'SSL' => 2, # deprecated
+    'TELNET' => 1,
+    'TFTP' => 1,
+    'TLS' => 1,
+    );
+
 sub protocols {
-    my ($manpage, $standalone, $data)=@_;
+    my ($f, $line, $manpage, $standalone, $data)=@_;
+    my @e = split(/ +/, $data);
+    for my $pr (@e) {
+        if(!$protexists{$pr}) {
+
+            print STDERR "$f:$line:1:ERROR: unrecognized protocol: $pr\n";
+            exit 2;
+        }
+    }
     if($standalone) {
         return ".SH \"PROTOCOLS\"\n$data\n";
     }
@@ -716,7 +746,7 @@ sub single {
     }
     my @leading;
     if($protocols) {
-        push @leading, protocols($manpage, $standalone, $protocols);
+        push @leading, protocols($f, $line, $manpage, $standalone, $protocols);
     }
 
     if($standalone) {
Mirror of https://github.com/curl/curl.git