Commands and Options I Wish I Knew Earlier About Git

Git becomes de facto of source code management (SCM) system among developers. Many developers used to work on git from console. Mostly used commands are git status, git add, git commit and git push.

Apart from these commands, there are lot of useful commands in git. Initial days, i find difficulties in tracking changes made by me and my team mates couple of days or few weeks ago. Here we will see some of commands that are interesting and useful to your workflow.

1. Short status output

git status is mostly used command in Git. But it gives lot of information which is not useful for people who are proficient with git. If you are one among them, then use

git status -sb

2. View changes by revision

If you want to view changes made at particular revision

  git show <revision>

  git show df2edcd
  (or)
  git show HEAD     #HEAD means latest commit
  (or)
  git show HEAD~1   #HEAD~1 means commit before the commit that HEAD currently points at

In case, you want to view only changed file name, not the contents, Use --name-only option

  git show --name-only  df2edcd
  (or)
  git show --name-only --oneline df2edcd
  (or)
  git show --name-only  --pretty="format:" df2edcd

3. View changes of specific file

If you want to view changes of specific file, then

  git show df2edcd:app/index.html
  (or)
  git show HEAD~1:app/index.html

  git show @{22-09-2014}:app/index.html

4. Search for commit message

You want to search a commit which message matches a regex

  git show :/fixed
  # shows the last commit which has the word "fixed" in its message

  git show :/analytics
  # shows the last commit which has the word "analytics" in its message

5. list all files that were modified or added in this time

List all files added/modified 9 days ago

  git diff "@{9 days ago}"
  git diff --name-only "@{9 days ago}"
  git diff --name-status "@{9 days ago}"

List all files added/modified between 9 days ago and 6 days ago

  git diff "@{9 days ago}" "@{6 days ago}"
  git diff --name-only "@{9 days ago}" "@{6 days ago}"
  git diff --name-status "@{9 days ago}" "@{6 days ago}"

6. Changes between two commit revision

List all files between two commits adab4ab and 6da161b

  git diff adab4ab^ 6da161b
  git diff --name-only adab4ab^ 6da161b
  git diff --name-status adab4ab^ 6da161b

Hope it useful. Share your favorite commands in comments. Happy commit and have a nice day.

View comments

Fix Shellshock Bash Vulnerability in OSX Bash

GNU Bash vulnerability, referred to as Shellshock or the Bash Bug, was found on Sep 24, 2014. The Shellshock vulnerability is very widespread and even more so than the OpenSSL Heartbleed bug So it is highly recommended that affected systems are properly updated to fix or mitigate the vulnerability as soon as possible.

What is Shellshock

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

To know more about Shellshock, read an amazing article from Troy Hunt

Check System Vulnerability

You can check the system for Shellshock vulnerability by running following command in bash

env Y='() { :;}; echo I am vulnerable!' bash -c "echo This is Bash"

If your version of Bash is vulnerable, then you will see following output

I am vulnerable
This is Bash

Instead of echo I am vulnerable! portion, attacker can run any command; arbitrary code following a function definition within an environment variable assignment. If your system don't have Shellshock vulnerability, then you will see following output

bash: warning: Y: ignoring function definition attempt
bash: error importing function definition for `Y'
This is Bash

How to fix in Mac OSX

If your bash is vulnerable, then you can install latest version of bash as follows, provided that you have XCode installed,

$ mkdir bash-fix
$ cd bash-fix
$ curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
$ cd bash-92/bash-3.2
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
$ cd ..
$ sudo xcodebuild
$ sudo cp /bin/bash /bin/bash.old
$ sudo cp /bin/sh /bin/sh.old
$ build/Release/bash --version # GNU bash, version 3.2.53(1)-release
$ build/Release/sh --version   # GNU bash, version 3.2.53(1)-release
$ sudo cp build/Release/bash /bin
$ sudo cp build/Release/sh /bin

Once you installed, check your bash version(bash --version), it should be GNU bash, version 3.2.53(1)-release

For security reason, you have to remove the executable permission from older bash

$ sudo chmod a-x /bin/bash.old /bin/sh.old

That's it. Keep in mind that this fix is temporary. We have to wait for real fix until apple releases it.

If you using Linux distribution, please read Digital Ocean blog on Shellshock

Kudos

View comments

Download a file without server request

We have come across Download file link(button) in lot of sites. Generally, When you click download link or button, it sends GET request to server and server returns the downloadable content(with content-disposition header). Now-a-days we are building lot of Single Page application where we get the JSON payload from the server and render it in the client side. Since we have the data in the client side, we don't want to sent another request to download the content. So we will see how to download the content from the client side without an extra request to server.

How existing download from server works

Whenever you click the download link, it will send GET request. The server will set Content-disposition header to attachment; filename=some-filename.csv and set the data in the body.

Sample code from Node.js to download CSV file

http.createServer(function(request, response) {
    response.setHeader('Content-disposition', 'attachment; filename=some-filename.csv');
    response.writeHead(200, {
        'Content-Type': 'text/csv'
    });

    csv().from(data).to(response)

})
.listen(3000);

Download content without server request

This can be done by two ways.

  1. Using Data URL
  2. Using Downloadify library

Using Data URI

The data should be placed in the href attribute with data url format. You can also set the filename in the download attribute.

<a href="data:text/plain,this is some text" download="some-filename.txt" target="_blank">Download<a>

Caution: The data url is not supported across all browser/version combinations.

Using Downloadify

Downloadify is a tiny javascript + Flash library that enables the creation and download of text files without server interaction. It works even in IE. It is much better than previous one.

Usage:

// Any JavaScript framework:
Downloadify.create( id_or_DOM_element, options );

// With Jquery
$("#element").downloadify( options );

HTML

<head>
    <script type="text/javascript" src="js/swfobject.js"></script>
    <script type="text/javascript" src="js/downloadify.min.js"></script>
</head>
<body onload="load();">
  <form>
    <input type="text" name="filename" value="testfile.txt" id="filename" />
    <textarea cols="60" rows="10" name="data" id="data">
        Whatever you put in this text box will be downloaded and saved in the file. If you leave it blank, no file will be downloaded
    </textarea>
    <p id="downloadify">
      You must have Flash 10 installed to download this file.
    </p>
  </form>
</body>

Javascript

function load(){
      Downloadify.create('downloadify',{
        filename: function(){
          return document.getElementById('filename').value;
        },
        data: function(){
          return document.getElementById('data').value;
        },
        onComplete: function(){ alert('Your File Has Been Saved!'); },
        onCancel: function(){ alert('You have cancelled the saving of this file.'); },
        onError: function(){ alert('You must put something in the File Contents or there will be nothing to save!'); },
        swf: 'media/downloadify.swf',
        downloadImage: 'images/download.png',
        width: 100,
        height: 30,
        transparent: true,
        append: false
      });
    }

A very simple demo is available that lets you supply your own content and filename and test out saving, canceling, and the error functionality when the file is blank.

Please check Downloadify Readme for more information. Share your thoughts and suggestions in the comment. Have a nice day.

View comments