authorLibravatar Junio C Hamano <gitster@pobox.com>2015-03-13 22:56:02 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2015-03-13 22:56:02 -0700
commit5244a31039dbb3fe0d544fc56100d0ccbc653131 (patch)
tree47362bd61deab37c7dfb41d1b8189e31ccab5ccb /t
parentMerge branch 'rs/daemon-interpolate' into maint (diff)
parentapply: do not touch a file beyond a symbolic link (diff)
Merge branch 'jc/apply-beyond-symlink' into maint
"git apply" was not very careful about reading from, removing, updating and creating paths outside the working tree (under --index/--cached) or the current directory (when used as a replacement for GNU patch). * jc/apply-beyond-symlink: apply: do not touch a file beyond a symbolic link apply: do not read from beyond a symbolic link apply: do not read from the filesystem under --index apply: reject input that touches outside the working area
Diffstat (limited to 't')
-rwxr-xr-xt/t4122-apply-symlink-inside.sh106
-rwxr-xr-xt/t4139-apply-escape.sh141
2 files changed, 247 insertions, 0 deletions
diff --git a/t/t4122-apply-symlink-inside.sh b/t/t4122-apply-symlink-inside.sh
index 70b3a06e1d..1779c0a568 100755
--- a/t/t4122-apply-symlink-inside.sh
+++ b/t/t4122-apply-symlink-inside.sh
@@ -52,4 +52,110 @@ test_expect_success 'check result' '
'
+test_expect_success SYMLINKS 'do not read from beyond symbolic link' '
+ git reset --hard &&
+ mkdir -p arch/x86_64/dir &&
+ >arch/x86_64/dir/file &&
+ git add arch/x86_64/dir/file &&
+ echo line >arch/x86_64/dir/file &&
+ git diff >patch &&
+ git reset --hard &&
+
+ mkdir arch/i386/dir &&
+ >arch/i386/dir/file &&
+ ln -s ../i386/dir arch/x86_64/dir &&
+
+ test_must_fail git apply patch &&
+ test_must_fail git apply --cached patch &&
+ test_must_fail git apply --index patch
+
+'
+
+test_expect_success SYMLINKS 'do not follow symbolic link (setup)' '
+
+ rm -rf arch/i386/dir arch/x86_64/dir &&
+ git reset --hard &&
+ ln -s ../i386/dir arch/x86_64/dir &&
+ git add arch/x86_64/dir &&
+ git diff HEAD >add_symlink.patch &&
+ git reset --hard &&
+
+ mkdir arch/x86_64/dir &&
+ >arch/x86_64/dir/file &&
+ git add arch/x86_64/dir/file &&
+ git diff HEAD >add_file.patch &&
+ git diff -R HEAD >del_file.patch &&
+ git reset --hard &&
+ rm -fr arch/x86_64/dir &&
+
+ cat add_symlink.patch add_file.patch >patch &&
+ cat add_symlink.patch del_file.patch >tricky_del &&
+
+ mkdir arch/i386/dir
+'
+
+test_expect_success SYMLINKS 'do not follow symbolic link (same input)' '
+
+ # same input creates a confusing symbolic link
+ test_must_fail git apply patch 2>error-wt &&
+ test_i18ngrep "beyond a symbolic link" error-wt &&
+ test_path_is_missing arch/x86_64/dir &&
+ test_path_is_missing arch/i386/dir/file &&
+
+ test_must_fail git apply --index patch 2>error-ix &&
+ test_i18ngrep "beyond a symbolic link" error-ix &&
+ test_path_is_missing arch/x86_64/dir &&
+ test_path_is_missing arch/i386/dir/file &&
+ test_must_fail git ls-files --error-unmatch arch/x86_64/dir &&
+ test_must_fail git ls-files --error-unmatch arch/i386/dir &&
+
+ test_must_fail git apply --cached patch 2>error-ct &&
+ test_i18ngrep "beyond a symbolic link" error-ct &&
+ test_must_fail git ls-files --error-unmatch arch/x86_64/dir &&
+ test_must_fail git ls-files --error-unmatch arch/i386/dir &&
+
+ >arch/i386/dir/file &&
+ git add arch/i386/dir/file &&
+
+ test_must_fail git apply tricky_del &&
+ test_path_is_file arch/i386/dir/file &&
+
+ test_must_fail git apply --index tricky_del &&
+ test_path_is_file arch/i386/dir/file &&
+ test_must_fail git ls-files --error-unmatch arch/x86_64/dir &&
+ git ls-files --error-unmatch arch/i386/dir &&
+
+ test_must_fail git apply --cached tricky_del &&
+ test_must_fail git ls-files --error-unmatch arch/x86_64/dir &&
+ git ls-files --error-unmatch arch/i386/dir
+'
+
+test_expect_success SYMLINKS 'do not follow symbolic link (existing)' '
+
+ # existing symbolic link
+ git reset --hard &&
+ ln -s ../i386/dir arch/x86_64/dir &&
+ git add arch/x86_64/dir &&
+
+ test_must_fail git apply add_file.patch 2>error-wt-add &&
+ test_i18ngrep "beyond a symbolic link" error-wt-add &&
+ test_path_is_missing arch/i386/dir/file &&
+
+ mkdir arch/i386/dir &&
+ >arch/i386/dir/file &&
+ test_must_fail git apply del_file.patch 2>error-wt-del &&
+ test_i18ngrep "beyond a symbolic link" error-wt-del &&
+ test_path_is_file arch/i386/dir/file &&
+ rm arch/i386/dir/file &&
+
+ test_must_fail git apply --index add_file.patch 2>error-ix-add &&
+ test_i18ngrep "beyond a symbolic link" error-ix-add &&
+ test_path_is_missing arch/i386/dir/file &&
+ test_must_fail git ls-files --error-unmatch arch/i386/dir &&
+
+ test_must_fail git apply --cached add_file.patch 2>error-ct-file &&
+ test_i18ngrep "beyond a symbolic link" error-ct-file &&
+ test_must_fail git ls-files --error-unmatch arch/i386/dir
+'
+
test_done
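Review bot: The first added test, 'do not read from beyond symbolic link', asserts only that the three `git apply` runs fail, so it cannot tell a symlink rejection from an unrelated failure. After the second `git reset --hard` the path `arch/x86_64/dir/file` is presumably no longer in the index (HEAD's contents are outside this hunk), in which case the `--cached` and `--index` runs would fail even without the fix. Adding `test_must_be_empty arch/i386/dir/file` after the working-tree run would show that nothing was written through the link. Capturing stderr and checking it with `test_i18ngrep`, as the later tests in this hunk do for "beyond a symbolic link", would pin the reason for the failure, assuming the read path reports a comparable message.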
diff --git a/t/t4139-apply-escape.sh b/t/t4139-apply-escape.sh
new file mode 100755
index 0000000000..45b5660a47
--- /dev/null
+++ b/t/t4139-apply-escape.sh
@@ -0,0 +1,141 @@
+#!/bin/sh
+
+test_description='paths written by git-apply cannot escape the working tree'
+. ./test-lib.sh
+
+# tests will try to write to ../foo, and we do not
+# want them to escape the trash directory when they
+# fail
+test_expect_success 'bump git repo one level down' '
+ mkdir inside &&
+ mv .git inside/ &&
+ cd inside
+'
+
+# $1 = name of file
+# $2 = current path to file (if different)
+mkpatch_add () {
+ rm -f "${2:-$1}" &&
+ cat <<-EOF
+ diff --git a/$1 b/$1
+ new file mode 100644
+ index 0000000..53c74cd
+ --- /dev/null
+ +++ b/$1
+ @@ -0,0 +1 @@
+ +evil
+ EOF
+}
+
+mkpatch_del () {
+ echo evil >"${2:-$1}" &&
+ cat <<-EOF
+ diff --git a/$1 b/$1
+ deleted file mode 100644
+ index 53c74cd..0000000
+ --- a/$1
+ +++ /dev/null
+ @@ -1 +0,0 @@
+ -evil
+ EOF
+}
+
+# $1 = name of file
+# $2 = content of symlink
+mkpatch_symlink () {
+ rm -f "$1" &&
+ cat <<-EOF
+ diff --git a/$1 b/$1
+ new file mode 120000
+ index 0000000..$(printf "%s" "$2" | git hash-object --stdin)
+ --- /dev/null
+ +++ b/$1
+ @@ -0,0 +1 @@
+ +$2
+ \ No newline at end of file
+ EOF
+}
+
+test_expect_success 'cannot create file containing ..' '
+ mkpatch_add ../foo >patch &&
+ test_must_fail git apply patch &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success 'can create file containing .. with --unsafe-paths' '
+ mkpatch_add ../foo >patch &&
+ git apply --unsafe-paths patch &&
+ test_path_is_file ../foo
+'
+
+test_expect_success 'cannot create file containing .. (index)' '
+ mkpatch_add ../foo >patch &&
+ test_must_fail git apply --index patch &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success 'cannot create file containing .. with --unsafe-paths (index)' '
+ mkpatch_add ../foo >patch &&
+ test_must_fail git apply --index --unsafe-paths patch &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success 'cannot delete file containing ..' '
+ mkpatch_del ../foo >patch &&
+ test_must_fail git apply patch &&
+ test_path_is_file ../foo
+'
+
+test_expect_success 'can delete file containing .. with --unsafe-paths' '
+ mkpatch_del ../foo >patch &&
+ git apply --unsafe-paths patch &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success 'cannot delete file containing .. (index)' '
+ mkpatch_del ../foo >patch &&
+ test_must_fail git apply --index patch &&
+ test_path_is_file ../foo
+'
+
+test_expect_success SYMLINKS 'symlink escape via ..' '
+ {
+ mkpatch_symlink tmp .. &&
+ mkpatch_add tmp/foo ../foo
+ } >patch &&
+ test_must_fail git apply patch &&
+ test_path_is_missing tmp &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success SYMLINKS 'symlink escape via .. (index)' '
+ {
+ mkpatch_symlink tmp .. &&
+ mkpatch_add tmp/foo ../foo
+ } >patch &&
+ test_must_fail git apply --index patch &&
+ test_path_is_missing tmp &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success SYMLINKS 'symlink escape via absolute path' '
+ {
+ mkpatch_symlink tmp "$(pwd)" &&
+ mkpatch_add tmp/foo ../foo
+ } >patch &&
+ test_must_fail git apply patch &&
+ test_path_is_missing tmp &&
+ test_path_is_missing ../foo
+'
+
+test_expect_success SYMLINKS 'symlink escape via absolute path (index)' '
+ {
+ mkpatch_symlink tmp "$(pwd)" &&
+ mkpatch_add tmp/foo ../foo
+ } >patch &&
+ test_must_fail git apply --index patch &&
+ test_path_is_missing tmp &&
+ test_path_is_missing ../foo
+'
+
+test_done
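Review bot: In the two 'symlink escape via absolute path' tests the symlink target is `$(pwd)`, which is the `inside` directory if the `cd inside` from the first test is still in effect, so a write that followed `tmp/foo` would land at `foo` in the current directory rather than at `../foo`. The closing `test_path_is_missing ../foo` therefore does not observe the location this case would actually touch; the rejection itself is still covered by `test_must_fail` and `test_path_is_missing tmp`. Adding `test_path_is_missing foo` to both tests would check the path the link resolves to. Separately, the `..` cases have no `--cached` variant, and deletion with `--index --unsafe-paths` has no counterpart to the creation test.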