]>
Commit | Line | Data |
---|---|---|
c536c075 JH |
1 | #!/bin/sh |
2 | ||
3 | test_description='paths written by git-apply cannot escape the working tree' | |
4 | . ./test-lib.sh | |
5 | ||
6 | # tests will try to write to ../foo, and we do not | |
7 | # want them to escape the trash directory when they | |
8 | # fail | |
9 | test_expect_success 'bump git repo one level down' ' | |
10 | mkdir inside && | |
11 | mv .git inside/ && | |
12 | cd inside | |
13 | ' | |
14 | ||
15 | # $1 = name of file | |
16 | # $2 = current path to file (if different) | |
17 | mkpatch_add () { | |
18 | rm -f "${2:-$1}" && | |
19 | cat <<-EOF | |
20 | diff --git a/$1 b/$1 | |
21 | new file mode 100644 | |
22 | index 0000000..53c74cd | |
23 | --- /dev/null | |
24 | +++ b/$1 | |
25 | @@ -0,0 +1 @@ | |
26 | +evil | |
27 | EOF | |
28 | } | |
29 | ||
30 | mkpatch_del () { | |
31 | echo evil >"${2:-$1}" && | |
32 | cat <<-EOF | |
33 | diff --git a/$1 b/$1 | |
34 | deleted file mode 100644 | |
35 | index 53c74cd..0000000 | |
36 | --- a/$1 | |
37 | +++ /dev/null | |
38 | @@ -1 +0,0 @@ | |
39 | -evil | |
40 | EOF | |
41 | } | |
42 | ||
43 | # $1 = name of file | |
44 | # $2 = content of symlink | |
45 | mkpatch_symlink () { | |
46 | rm -f "$1" && | |
47 | cat <<-EOF | |
48 | diff --git a/$1 b/$1 | |
49 | new file mode 120000 | |
50 | index 0000000..$(printf "%s" "$2" | git hash-object --stdin) | |
51 | --- /dev/null | |
52 | +++ b/$1 | |
53 | @@ -0,0 +1 @@ | |
54 | +$2 | |
55 | \ No newline at end of file | |
56 | EOF | |
57 | } | |
58 | ||
59 | test_expect_success 'cannot create file containing ..' ' | |
60 | mkpatch_add ../foo >patch && | |
61 | test_must_fail git apply patch && | |
62 | test_path_is_missing ../foo | |
63 | ' | |
64 | ||
65 | test_expect_success 'can create file containing .. with --unsafe-paths' ' | |
66 | mkpatch_add ../foo >patch && | |
67 | git apply --unsafe-paths patch && | |
68 | test_path_is_file ../foo | |
69 | ' | |
70 | ||
71 | test_expect_success 'cannot create file containing .. (index)' ' | |
72 | mkpatch_add ../foo >patch && | |
73 | test_must_fail git apply --index patch && | |
74 | test_path_is_missing ../foo | |
75 | ' | |
76 | ||
77 | test_expect_success 'cannot create file containing .. with --unsafe-paths (index)' ' | |
78 | mkpatch_add ../foo >patch && | |
79 | test_must_fail git apply --index --unsafe-paths patch && | |
80 | test_path_is_missing ../foo | |
81 | ' | |
82 | ||
83 | test_expect_success 'cannot delete file containing ..' ' | |
84 | mkpatch_del ../foo >patch && | |
85 | test_must_fail git apply patch && | |
86 | test_path_is_file ../foo | |
87 | ' | |
88 | ||
89 | test_expect_success 'can delete file containing .. with --unsafe-paths' ' | |
90 | mkpatch_del ../foo >patch && | |
91 | git apply --unsafe-paths patch && | |
92 | test_path_is_missing ../foo | |
93 | ' | |
94 | ||
95 | test_expect_success 'cannot delete file containing .. (index)' ' | |
96 | mkpatch_del ../foo >patch && | |
97 | test_must_fail git apply --index patch && | |
98 | test_path_is_file ../foo | |
99 | ' | |
100 | ||
e0d201b6 | 101 | test_expect_success SYMLINKS 'symlink escape via ..' ' |
c536c075 JH |
102 | { |
103 | mkpatch_symlink tmp .. && | |
104 | mkpatch_add tmp/foo ../foo | |
105 | } >patch && | |
106 | test_must_fail git apply patch && | |
107 | test_path_is_missing tmp && | |
108 | test_path_is_missing ../foo | |
109 | ' | |
110 | ||
e0d201b6 | 111 | test_expect_success SYMLINKS 'symlink escape via .. (index)' ' |
c536c075 JH |
112 | { |
113 | mkpatch_symlink tmp .. && | |
114 | mkpatch_add tmp/foo ../foo | |
115 | } >patch && | |
116 | test_must_fail git apply --index patch && | |
117 | test_path_is_missing tmp && | |
118 | test_path_is_missing ../foo | |
119 | ' | |
120 | ||
e0d201b6 | 121 | test_expect_success SYMLINKS 'symlink escape via absolute path' ' |
c536c075 JH |
122 | { |
123 | mkpatch_symlink tmp "$(pwd)" && | |
124 | mkpatch_add tmp/foo ../foo | |
125 | } >patch && | |
126 | test_must_fail git apply patch && | |
127 | test_path_is_missing tmp && | |
128 | test_path_is_missing ../foo | |
129 | ' | |
130 | ||
e0d201b6 | 131 | test_expect_success SYMLINKS 'symlink escape via absolute path (index)' ' |
c536c075 JH |
132 | { |
133 | mkpatch_symlink tmp "$(pwd)" && | |
134 | mkpatch_add tmp/foo ../foo | |
135 | } >patch && | |
136 | test_must_fail git apply --index patch && | |
137 | test_path_is_missing tmp && | |
138 | test_path_is_missing ../foo | |
139 | ' | |
140 | ||
141 | test_done |