diff options
| author |  Jonathan Nieder <jrnieder@gmail.com> | 2020-04-18 20:52:34 -0700 |
|---|---|---|
| committer | Jonathan Nieder <jrnieder@gmail.com> | 2020-04-19 16:10:58 -0700 |
| commit | a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc (patch) | |
| tree | db42a4e33101cf94f7d4ddc9dee822fdb6f7df85 /t | |
| parent | credential: refuse to operate when missing host or protocol (diff) | |
| download | tgif-a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc.tar.xz | |
fsck: convert gitmodules url to URL passed to curl
In 07259e74ec1 (fsck: detect gitmodules URLs with embedded newlines,
2020-03-11), git fsck learned to check whether URLs in .gitmodules could
be understood by the credential machinery when they are handled by
git-remote-curl.
However, the check is overbroad: it checks all URLs instead of only
URLs that would be passed to git-remote-curl. In principle a git:// or
file:/// URL does not need to follow the same conventions as an http://
URL; in particular, git:// and file:// protocols are not succeptible to
issues in the credential API because they do not support attaching
credentials.
In the HTTP case, the URL in .gitmodules does not always match the URL
that would be passed to git-remote-curl and the credential machinery:
Git's URL syntax allows specifying a remote helper followed by a "::"
delimiter and a URL to be passed to it, so that
git ls-remote http::https://example.com/repo.git
invokes git-remote-http with https://example.com/repo.git as its URL
argument. With today's checks, that distinction does not make a
difference, but for a check we are about to introduce (for empty URL
schemes) it will matter.
.gitmodules files also support relative URLs. To ensure coverage for the
https based embedded-newline attack, urldecode and check them directly
for embedded newlines.
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Diffstat (limited to 't')
| -rwxr-xr-x | t/t7416-submodule-dash-url.sh | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh index 41431b1ac3..afdd2553d9 100755 --- a/t/t7416-submodule-dash-url.sh +++ b/t/t7416-submodule-dash-url.sh @@ -60,6 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' ' test_i18ngrep ! "unknown option" err ' +test_expect_success 'fsck permits embedded newline with unrecognized scheme' ' + git checkout --orphan newscheme && + cat >.gitmodules <<-\EOF && + [submodule "foo"] + url = "data://acjbkd%0akajfdickajkd" + EOF + git add .gitmodules && + git commit -m "gitmodules with unrecognized scheme" && + test_when_finished "rm -rf dst" && + git init --bare dst && + git -C dst config transfer.fsckObjects true && + git push dst HEAD +' + test_expect_success 'fsck rejects embedded newline in url' ' # create an orphan branch to avoid existing .gitmodules objects git checkout --orphan newline && @@ -76,4 +90,19 @@ test_expect_success 'fsck rejects embedded newline in url' ' grep gitmodulesUrl err ' +test_expect_success 'fsck rejects embedded newline in relative url' ' + git checkout --orphan relative-newline && + cat >.gitmodules <<-\EOF && + [submodule "foo"] + url = "./%0ahost=two.example.com/foo.git" + EOF + git add .gitmodules && + git commit -m "relative url with newline" && + test_when_finished "rm -rf dst" && + git init --bare dst && + git -C dst config transfer.fsckObjects true && + test_must_fail git push dst HEAD 2>err && + grep gitmodulesUrl err +' + test_done |