91 lines
3.1 KiB
Diff
91 lines
3.1 KiB
Diff
From 5c5a4a1c05932378d259b1fdd9526cab971656a2 Mon Sep 17 00:00:00 2001
|
|
From: Filip Hejsek <filip.hejsek@gmail.com>
|
|
Date: Sun, 28 Jan 2024 04:29:33 +0100
|
|
Subject: [PATCH] t0411: add tests for cloning from partial repo
|
|
|
|
Cloning from a partial repository must not fetch missing objects into
|
|
the partial repository, because that can lead to arbitrary code
|
|
execution.
|
|
|
|
Add a couple of test cases, pretending to the `upload-pack` command (and
|
|
to that command only) that it is working on a repository owned by
|
|
someone else.
|
|
|
|
Helped-by: Jeff King <peff@peff.net>
|
|
Signed-off-by: Filip Hejsek <filip.hejsek@gmail.com>
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
---
|
|
t/t0411-clone-from-partial.sh | 60 +++++++++++++++++++++++++++++++++++
|
|
1 file changed, 60 insertions(+)
|
|
create mode 100755 t/t0411-clone-from-partial.sh
|
|
|
|
diff --git a/t/t0411-clone-from-partial.sh b/t/t0411-clone-from-partial.sh
|
|
new file mode 100755
|
|
index 000000000..fb72a0a9f
|
|
--- /dev/null
|
|
+++ b/t/t0411-clone-from-partial.sh
|
|
@@ -0,0 +1,60 @@
|
|
+#!/bin/sh
|
|
+
|
|
+test_description='check that local clone does not fetch from promisor remotes'
|
|
+
|
|
+. ./test-lib.sh
|
|
+
|
|
+test_expect_success 'create evil repo' '
|
|
+ git init tmp &&
|
|
+ test_commit -C tmp a &&
|
|
+ git -C tmp config uploadpack.allowfilter 1 &&
|
|
+ git clone --filter=blob:none --no-local --no-checkout tmp evil &&
|
|
+ rm -rf tmp &&
|
|
+
|
|
+ git -C evil config remote.origin.uploadpack \"\$TRASH_DIRECTORY/fake-upload-pack\" &&
|
|
+ write_script fake-upload-pack <<-\EOF &&
|
|
+ echo >&2 "fake-upload-pack running"
|
|
+ >"$TRASH_DIRECTORY/script-executed"
|
|
+ exit 1
|
|
+ EOF
|
|
+ export TRASH_DIRECTORY &&
|
|
+
|
|
+ # empty shallow file disables local clone optimization
|
|
+ >evil/.git/shallow
|
|
+'
|
|
+
|
|
+test_expect_failure 'local clone must not fetch from promisor remote and execute script' '
|
|
+ rm -f script-executed &&
|
|
+ test_must_fail git clone \
|
|
+ --upload-pack="GIT_TEST_ASSUME_DIFFERENT_OWNER=true git-upload-pack" \
|
|
+ evil clone1 2>err &&
|
|
+ ! grep "fake-upload-pack running" err &&
|
|
+ test_path_is_missing script-executed
|
|
+'
|
|
+
|
|
+test_expect_failure 'clone from file://... must not fetch from promisor remote and execute script' '
|
|
+ rm -f script-executed &&
|
|
+ test_must_fail git clone \
|
|
+ --upload-pack="GIT_TEST_ASSUME_DIFFERENT_OWNER=true git-upload-pack" \
|
|
+ "file://$(pwd)/evil" clone2 2>err &&
|
|
+ ! grep "fake-upload-pack running" err &&
|
|
+ test_path_is_missing script-executed
|
|
+'
|
|
+
|
|
+test_expect_failure 'fetch from file://... must not fetch from promisor remote and execute script' '
|
|
+ rm -f script-executed &&
|
|
+ test_must_fail git fetch \
|
|
+ --upload-pack="GIT_TEST_ASSUME_DIFFERENT_OWNER=true git-upload-pack" \
|
|
+ "file://$(pwd)/evil" 2>err &&
|
|
+ ! grep "fake-upload-pack running" err &&
|
|
+ test_path_is_missing script-executed
|
|
+'
|
|
+
|
|
+test_expect_success 'pack-objects should fetch from promisor remote and execute script' '
|
|
+ rm -f script-executed &&
|
|
+ echo "HEAD" | test_must_fail git -C evil pack-objects --revs --stdout >/dev/null 2>err &&
|
|
+ grep "fake-upload-pack running" err &&
|
|
+ test_path_is_file script-executed
|
|
+'
|
|
+
|
|
+test_done
|
|
--
|
|
2.33.0
|
|
|