Commit | Line | Data |
---|---|---|
0383bbb9 JK |
1 | #!/bin/sh |
2 | ||
# Regression tests for submodule names that contain ".." path components.
# The name checker is exercised directly first; after that a crafted
# superproject is cloned to confirm that a hook planted through such a name
# does not run. The test_* helpers used below come from ./test-lib.sh.
3 | test_description='check handling of .. in submodule names | |
4 | ||
5 | Exercise the name-checking function on a variety of names, and then give a | |
6 | real-world setup that confirms we catch this in practice. | |
7 | ' | |
8 | . ./test-lib.sh | |
9 | ||
# Direct test of the name checker: names are fed one per line on stdin to
# `git submodule--helper check-name`, and only the names it accepts are
# expected back on stdout ("valid" and "valid/with/paths").
# Everything else in the input must be dropped: the empty line, and each name
# with a ".." component, whether it is leading, trailing or in the middle and
# whether the separator is "/" or "\".
# The here-doc delimiter is quoted (\EOF) so the backslashes reach the command
# unchanged.
# NOTE(review): a bare ".." (no other component) is not in the input list;
# worth adding if the checker is meant to reject it too -- confirm.
10 | test_expect_success 'check names' ' | |
11 | cat >expect <<-\EOF && | |
12 | valid | |
13 | valid/with/paths | |
14 | EOF | |
15 | ||
16 | git submodule--helper check-name >actual <<-\EOF && | |
17 | valid | |
18 | valid/with/paths | |
19 | ||
20 | ../foo | |
21 | /../foo | |
22 | ..\foo | |
23 | \..\foo | |
24 | foo/.. | |
25 | foo/../ | |
26 | foo\.. | |
27 | foo\..\ | |
28 | foo/../bar | |
29 | EOF | |
30 | ||
31 | test_cmp expect actual | |
32 | ' | |
33 | ||
# Fixture: a repository "innocent" holding one empty commit. Later tests use
# "$PWD/innocent" as the URL of every submodule they add, so the submodule
# content itself is harmless.
34 | test_expect_success 'create innocent subrepo' ' | |
35 | git init innocent && | |
36 | git -C innocent commit --allow-empty -m foo | |
37 | ' | |
38 | ||
# Front-door check: `git submodule add --name` with a name made of ".."
# components must fail. This covers only the add-time path; the tests below
# cover a .gitmodules file that was edited to contain such a name.
39 | test_expect_success 'submodule add refuses invalid names' ' | |
40 | test_must_fail \ | |
41 | git submodule add --name ../../modules/evil "$PWD/innocent" evil | |
42 | ' | |
43 | ||
# Builds the hostile superproject that the later clone test consumes.
#  1. Add "innocent" as a submodule under the plain name/path "evil".
#  2. Copy that submodule's git directory (.git/modules/evil) into a tracked
#     directory modules/evil and give the copy a post-checkout hook. The hook
#     only prints a marker to stderr so a later test can detect whether it ran.
#  3. Set submodule.evil.update=checkout in .gitmodules, then rename the
#     section to "../../modules/evil".
#     NOTE(review): relative to .git/modules/ that name would point at the
#     tracked modules/evil in the work tree -- presumably the traversal being
#     guarded against; confirm.
#  4. Commit everything, including the tracked modules/ directory.
# .gitmodules is edited with `git config -f` instead of going through
# `git submodule add --name`, which the 'submodule add refuses invalid names'
# test expects to reject this name.
44 | test_expect_success 'add evil submodule' ' | |
45 | git submodule add "$PWD/innocent" evil && | |
46 | ||
47 | mkdir modules && | |
48 | cp -r .git/modules/evil modules && | |
49 | write_script modules/evil/hooks/post-checkout <<-\EOF && | |
50 | echo >&2 "RUNNING POST CHECKOUT" | |
51 | EOF | |
52 | ||
53 | git config -f .gitmodules submodule.evil.update checkout && | |
54 | git config -f .gitmodules --rename-section \ | |
55 | submodule.evil submodule.../../modules/evil && | |
56 | git add modules && | |
57 | git commit -am evil | |
58 | ' | |
59 | ||
60 | # This step seems like it shouldn't be necessary, since the payload is | |
61 | # contained entirely in the evil submodule. But due to the vagaries of the | |
62 | # submodule code, checking out the evil module will fail unless ".git/modules" | |
63 | # exists. Adding another submodule (with a name that sorts before "evil") is an | |
64 | # easy way to make sure this is the case in the victim clone. | |
# Setup only: this test asserts nothing about the hook. The check that the
# hook did not run is made in 'clone evil superproject'.
65 | test_expect_success 'add other submodule' ' | |
66 | git submodule add "$PWD/innocent" another-module && | |
67 | git add another-module && | |
68 | git commit -am another | |
69 | ' | |
70 | ||
# The end-to-end regression check. The superproject built by the earlier tests
# is cloned with --recurse-submodules, and stdout and stderr are both captured
# in "output". The test passes only if the clone itself succeeds and the
# marker "RUNNING POST CHECKOUT" is absent from the captured output, i.e. the
# planted post-checkout hook did not run.
# NOTE(review): the marker must stay identical to the string echoed by the
# hook in 'add evil submodule'; if the two drift apart this check passes
# vacuously.
71 | test_expect_success 'clone evil superproject' ' | |
72 | git clone --recurse-submodules . victim >output 2>&1 && | |
73 | ! grep "RUNNING POST CHECKOUT" output | |
74 | ' | |
75 | ||
0060fd15 JS |
# Clone test gated on the MINGW prerequisite; the title names the concern as
# "git~1 squatting on Windows".
# Setup: repository "squatting" gets a normal commit containing a/..git, then
# a second commit whose index entries are written directly with
# `git update-index --add --cacheinfo`:
#   - a .gitmodules blob declaring submodule "b." at path c and submodule "b"
#     at path d\a (built with test_write_lines | git hash-object -w --stdin)
#   - gitlinks (mode 160000) at c and d\a, both pointing at the first commit
#   - regular blobs (mode 100644) at d./a/x and d./a/..git
# Check: the recursive clone must fail, its stderr must mention "directory not
# empty", and squatting-clone/d/a/git~2 must not contain "gitdir".
# NOTE(review): presumably this depends on Windows treating "d." and "d" as
# the same directory and on short (8.3) file names such as git~1/git~2 --
# confirm against the commit message of 0060fd15.
# NOTE(review): `! grep` also succeeds when the file does not exist, so the
# last line cannot tell "no gitdir line" apart from "no such file".
76 | test_expect_success MINGW 'prevent git~1 squatting on Windows' ' |
77 | git init squatting && | |
78 | ( | |
79 | cd squatting && | |
80 | mkdir a && | |
81 | touch a/..git && | |
82 | git add a/..git && | |
83 | test_tick && | |
84 | git commit -m initial && | |
85 | ||
86 | modules="$(test_write_lines \ | |
87 | "[submodule \"b.\"]" "url = ." "path = c" \ | |
88 | "[submodule \"b\"]" "url = ." "path = d\\\\a" | | |
89 | git hash-object -w --stdin)" && | |
90 | rev="$(git rev-parse --verify HEAD)" && | |
91 | hash="$(echo x | git hash-object -w --stdin)" && | |
92 | git update-index --add \ | |
93 | --cacheinfo 100644,$modules,.gitmodules \ | |
94 | --cacheinfo 160000,$rev,c \ | |
95 | --cacheinfo 160000,$rev,d\\a \ | |
96 | --cacheinfo 100644,$hash,d./a/x \ | |
97 | --cacheinfo 100644,$hash,d./a/..git && | |
98 | test_tick && | |
99 | git commit -m "module" | |
100 | ) && | |
101 | test_must_fail git \ | |
102 | clone --recurse-submodules squatting squatting-clone 2>err && | |
103 | test_i18ngrep "directory not empty" err && | |
104 | ! grep gitdir squatting-clone/d/a/git~2 | |
105 | ' | |
106 | ||
# End of the script. test_done is not defined in this file; presumably it
# comes from ./test-lib.sh and finalizes the run -- confirm there.
0383bbb9 | 107 | test_done |