summaryrefslogtreecommitdiff
path: root/t
diff options
context:
space:
mode:
authorLibravatar Jeff King <peff@peff.net>2019-08-29 15:08:42 -0400
committerLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-12-04 13:20:04 +0100
commita52ed76142f6e8d993bb4c50938a408966eb2b7c (patch)
tree9603df337bf43eec5d4998d44f5c3293661950d2 /t
parentfast-import: disallow "feature export-marks" by default (diff)
downloadtgif-a52ed76142f6e8d993bb4c50938a408966eb2b7c.tar.xz
fast-import: disallow "feature import-marks" by default
As with export-marks in the previous commit, import-marks can access the filesystem. This is significantly less dangerous than export-marks because it only involves reading from arbitrary paths, rather than writing them. However, it could still be surprising and have security implications (e.g., exfiltrating data from a service that accepts fast-import streams). Let's lump it (and its "if-exists" counterpart) in with export-marks, and enable the in-stream version only if --allow-unsafe-features is set. Signed-off-by: Jeff King <peff@peff.net>
Diffstat (limited to 't')
-rwxr-xr-xt/t9300-fast-import.sh22
1 files changed, 17 insertions, 5 deletions
diff --git a/t/t9300-fast-import.sh b/t/t9300-fast-import.sh
index ba5a35c32c..77104f9daa 100755
--- a/t/t9300-fast-import.sh
+++ b/t/t9300-fast-import.sh
@@ -2106,6 +2106,14 @@ test_expect_success 'R: abort on receiving feature after data command' '
test_must_fail git fast-import <input
'
+test_expect_success 'R: import-marks features forbidden by default' '
+ >git.marks &&
+ echo "feature import-marks=git.marks" >input &&
+ test_must_fail git fast-import <input &&
+ echo "feature import-marks-if-exists=git.marks" >input &&
+ test_must_fail git fast-import <input
+'
+
test_expect_success 'R: only one import-marks feature allowed per stream' '
>git.marks &&
>git2.marks &&
@@ -2114,7 +2122,7 @@ test_expect_success 'R: only one import-marks feature allowed per stream' '
feature import-marks=git2.marks
EOF
- test_must_fail git fast-import <input
+ test_must_fail git fast-import --allow-unsafe-features <input
'
test_expect_success 'R: export-marks feature forbidden by default' '
@@ -2210,7 +2218,8 @@ test_expect_success 'R: feature import-marks-if-exists' '
rm -f io.marks &&
>expect &&
- git fast-import --export-marks=io.marks <<-\EOF &&
+ git fast-import --export-marks=io.marks \
+ --allow-unsafe-features <<-\EOF &&
feature import-marks-if-exists=not_io.marks
EOF
test_cmp expect io.marks &&
@@ -2221,7 +2230,8 @@ test_expect_success 'R: feature import-marks-if-exists' '
echo ":1 $blob" >expect &&
echo ":2 $blob" >>expect &&
- git fast-import --export-marks=io.marks <<-\EOF &&
+ git fast-import --export-marks=io.marks \
+ --allow-unsafe-features <<-\EOF &&
feature import-marks-if-exists=io.marks
blob
mark :2
@@ -2234,7 +2244,8 @@ test_expect_success 'R: feature import-marks-if-exists' '
echo ":3 $blob" >>expect &&
git fast-import --import-marks=io.marks \
- --export-marks=io.marks <<-\EOF &&
+ --export-marks=io.marks \
+ --allow-unsafe-features <<-\EOF &&
feature import-marks-if-exists=not_io.marks
blob
mark :3
@@ -2247,7 +2258,8 @@ test_expect_success 'R: feature import-marks-if-exists' '
>expect &&
git fast-import --import-marks-if-exists=not_io.marks \
- --export-marks=io.marks <<-\EOF &&
+ --export-marks=io.marks \
+ --allow-unsafe-features <<-\EOF &&
feature import-marks-if-exists=io.marks
EOF
test_cmp expect io.marks