fsck: reject submodule.update = !command in .gitmodules
This allows hosting providers to detect whether they are being used
to attack users through malicious 'update = !command' settings in
.gitmodules.
Since ac1fbbda20
(submodule: do not copy unknown update mode from
.gitmodules, 2013-12-02), in normal cases such settings have been
treated as 'update = none', so forbidding them should not produce any
collateral damage to legitimate uses. A quick search does not reveal
any repositories making use of this construct, either.
Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Родитель
bdfef0492c
Коммит
bb92255ebe
7
fsck.c
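--- a/fsck.c
+++ b/fsck.c
@@ -66,6 +66,7 @@ static struct oidset gitmodules_done = OIDSET_INIT;
 FUNC(GITMODULES_SYMLINK, ERROR) \
 FUNC(GITMODULES_URL, ERROR) \
 FUNC(GITMODULES_PATH, ERROR) \
+FUNC(GITMODULES_UPDATE, ERROR) \
 /* warnings */ \
 FUNC(BAD_FILEMODE, WARN) \
 FUNC(EMPTY_NAME, WARN) \
@@ -975,6 +976,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
 FSCK_MSG_GITMODULES_PATH,
 "disallowed submodule path: %s",
 value);
+if (!strcmp(key, "update") && value &&
+parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
+data->ret |= report(data->options, data->obj,
+FSCK_MSG_GITMODULES_UPDATE,
+"disallowed submodule update setting: %s",
+value);
 free(name);
 
 return 0;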
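Review bot: The new `update` check in the second hunk carries no comment saying why a command-style value is an fsck error, and the message id added in the first hunk is equally bare; a short comment above the `if`, such as `/* A '!command' update mode would be executed by 'git submodule update', so fsck rejects it outright rather than leaving it to the 2013 fallback to 'none'. */`, would document the intent for the next reader. The check is also gated on `value` being non-NULL, so a bare `update` key with no value is not reported here; that is presumably handled elsewhere by the config parser, but it is worth confirming. The `key` being compared is derived above this hunk, and fsck_gitmodules_fn begins and continues outside it.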
@ -414,6 +414,20 @@ test_expect_success 'submodule update - command in .gitmodules is rejected' '
test_must_fail git -C super submodule update submodule
test_must_fail git -C super submodule update submodule
'
'
test_expect_success 'fsck detects command in .gitmodules' '
git init command-in-gitmodules &&
(
cd command-in-gitmodules &&
git submodule add ../submodule submodule &&
test_commit adding-submodule &&
git config -f .gitmodules submodule.submodule.update "!false" &&
git add .gitmodules &&
test_commit configuring-update &&
test_must_fail git fsck
)
'
cat << EOF >expect
cat << EOF >expect
Execution of 'false $submodulesha1' failed in submodule path 'submodule'
Execution of 'false $submodulesha1' failed in submodule path 'submodule'
EOF
EOF
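Review bot: `test_must_fail git fsck` at the end of the new test only asserts that fsck fails, so a fixture problem earlier in the subshell (the `git submodule add ../submodule submodule` step appears to depend on a `submodule` repository prepared by earlier tests in this script) would let the test pass for the wrong reason; capturing stderr and grepping for the new message pins the cause: `test_must_fail git fsck 2>err &&` followed by `grep "disallowed submodule update setting" err`. The test_expect_success block is entirely within the hunk, but the rest of the test script and its file header are not shown here.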