author | Christian Couder <christian.couder@gmail.com> | 2019-05-29 14:44:32 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2019-05-29 11:05:34 -0700 |
commit | e693237e2ba27b6129e8af7f6a794f5c2fbd26f3 (patch) | |
tree | 2317223e6228a03a1b0b9fd4ecf5dc51a5eb5fbb /t | |
parent | Git 2.22-rc1 (diff) | |
download | tgif-e693237e2ba27b6129e8af7f6a794f5c2fbd26f3.tar.xz |
list-objects-filter: disable 'sparse:path' filters

If someone wants to use as a filter a sparse file that is in the
repository, something like "--filter=sparse:oid=<ref>:<path>"
already works.

So 'sparse:path' is only interesting if the sparse file is not in
the repository. In this case though the current implementation has
a big security issue, as it makes it possible to ask the server to
read any file, like for example /etc/password, and to explore the
filesystem, as well as individual lines of files.

If someone is interested in using a sparse file that is not in the
repository as a filter, then at the minimum a config option, such
as "uploadpack.sparsePathFilter", should be implemented first to
restrict the directory from which the files specified by
'sparse:path' can be read.

For now though, let's just disable 'sparse:path' filters.

Helped-by: Matthew DeVore <matvore@google.com>
Helped-by: Jeff Hostetler <git@jeffhostetler.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't')
-rwxr-xr-x | t/t5317-pack-objects-filter-objects.sh | 71 | ||||
-rwxr-xr-x | t/t6112-rev-list-filters-objects.sh | 39 |
2 files changed, 26 insertions, 84 deletions
diff --git a/t/t5317-pack-objects-filter-objects.sh b/t/t5317-pack-objects-filter-objects.sh index 4c0201c34b..2d2f5d0229 100755 --- a/t/t5317-pack-objects-filter-objects.sh +++ b/t/t5317-pack-objects-filter-objects.sh @@ -277,6 +277,10 @@ test_expect_success 'verify normal and blob:limit packfiles have same commits/tr ' # Test sparse:path=<path> filter. +# !!!! +# NOTE: sparse:path filter support has been dropped for security reasons, +# so the tests have been changed to make sure that using it fails. +# !!!! # Use a local file containing a sparse-checkout specification to filter # out blobs not required for the corresponding sparse-checkout. We do not # require sparse-checkout to actually be enabled. 
@@ -315,73 +319,24 @@ test_expect_success 'verify blob count in normal packfile' ' test_cmp expected observed ' -test_expect_success 'verify sparse:path=pattern1' ' - git -C r3 ls-files -s dir1/sparse1 dir1/sparse2 >ls_files_result && - awk -f print_2.awk ls_files_result | - sort >expected && - - git -C r3 pack-objects --revs --stdout --filter=sparse:path=../pattern1 >filter.pack <<-EOF && +test_expect_success 'verify sparse:path=pattern1 fails' ' + test_must_fail git -C r3 pack-objects --revs --stdout \ + --filter=sparse:path=../pattern1 <<-EOF HEAD EOF - git -C r3 index-pack ../filter.pack && - - git -C r3 verify-pack -v ../filter.pack >verify_result && - grep blob verify_result | - awk -f print_1.awk | - sort >observed && - - test_cmp expected observed -' - -test_expect_success 'verify normal and sparse:path=pattern1 packfiles have same commits/trees' ' - git -C r3 verify-pack -v ../all.pack >verify_result && - grep -E "commit|tree" verify_result | - awk -f print_1.awk | - sort >expected && - - git -C r3 verify-pack -v ../filter.pack >verify_result && - grep -E "commit|tree" verify_result | - awk -f print_1.awk | - sort >observed && - - test_cmp expected observed ' -test_expect_success 'verify sparse:path=pattern2' ' - git -C r3 ls-files -s sparse1 dir1/sparse1 >ls_files_result && - awk -f print_2.awk ls_files_result | - sort >expected && - - git -C r3 pack-objects --revs --stdout --filter=sparse:path=../pattern2 >filter.pack <<-EOF && +test_expect_success 'verify sparse:path=pattern2 fails' ' + test_must_fail git -C r3 pack-objects --revs --stdout \ + --filter=sparse:path=../pattern2 <<-EOF HEAD EOF - git -C r3 index-pack ../filter.pack && - - git -C r3 verify-pack -v ../filter.pack >verify_result && - grep blob verify_result | - awk -f print_1.awk | - sort >observed && - - test_cmp expected observed -' - -test_expect_success 'verify normal and sparse:path=pattern2 packfiles have same commits/trees' ' - git -C r3 verify-pack -v ../all.pack >verify_result && - 
grep -E "commit|tree" verify_result | - awk -f print_1.awk | - sort >expected && - - git -C r3 verify-pack -v ../filter.pack >verify_result && - grep -E "commit|tree" verify_result | - awk -f print_1.awk | - sort >observed && - - test_cmp expected observed ' # Test sparse:oid=<oid-ish> filter. -# Like sparse:path, but we get the sparse-checkout specification from -# a blob rather than a file on disk. +# Use a blob containing a sparse-checkout specification to filter +# out blobs not required for the corresponding sparse-checkout. We do not +# require sparse-checkout to actually be enabled. test_expect_success 'setup r4' ' git init r4 && diff --git a/t/t6112-rev-list-filters-objects.sh b/t/t6112-rev-list-filters-objects.sh index 9c11427719..acd7f5ab80 100755 --- a/t/t6112-rev-list-filters-objects.sh +++ b/t/t6112-rev-list-filters-objects.sh @@ -157,6 +157,10 @@ test_expect_success 'verify blob:limit=1m' ' ' # Test sparse:path=<path> filter. +# !!!! +# NOTE: sparse:path filter support has been dropped for security reasons, +# so the tests have been changed to make sure that using it fails. +# !!!! # Use a local file containing a sparse-checkout specification to filter # out blobs not required for the corresponding sparse-checkout. We do not # require sparse-checkout to actually be enabled. 
@@ -176,37 +180,20 @@ test_expect_success 'setup r3' ' echo sparse1 >pattern2 ' -test_expect_success 'verify sparse:path=pattern1 omits top-level files' ' - git -C r3 ls-files -s sparse1 sparse2 >ls_files_result && - awk -f print_2.awk ls_files_result | - sort >expected && - - git -C r3 rev-list --quiet --objects --filter-print-omitted \ - --filter=sparse:path=../pattern1 HEAD >revs && - awk -f print_1.awk revs | - sed "s/~//" | - sort >observed && - - test_cmp expected observed +test_expect_success 'verify sparse:path=pattern1 fails' ' + test_must_fail git -C r3 rev-list --quiet --objects \ + --filter-print-omitted --filter=sparse:path=../pattern1 HEAD ' -test_expect_success 'verify sparse:path=pattern2 omits both sparse2 files' ' - git -C r3 ls-files -s sparse2 dir1/sparse2 >ls_files_result && - awk -f print_2.awk ls_files_result | - sort >expected && - - git -C r3 rev-list --quiet --objects --filter-print-omitted \ - --filter=sparse:path=../pattern2 HEAD >revs && - awk -f print_1.awk revs | - sed "s/~//" | - sort >observed && - - test_cmp expected observed +test_expect_success 'verify sparse:path=pattern2 fails' ' + test_must_fail git -C r3 rev-list --quiet --objects \ + --filter-print-omitted --filter=sparse:path=../pattern2 HEAD ' # Test sparse:oid=<oid-ish> filter. -# Like sparse:path, but we get the sparse-checkout specification from -# a blob rather than a file on disk. +# Use a blob containing a sparse-checkout specification to filter +# out blobs not required for the corresponding sparse-checkout. We do not +# require sparse-checkout to actually be enabled. test_expect_success 'setup r3 part 2' ' echo dir1/ >r3/pattern && |
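Review bot: In the comment hunk of t/t5317-pack-objects-filter-objects.sh (@@ -277,6 +277,10), the unchanged lines right after the new NOTE still read "Use a local file containing a sparse-checkout specification to filter out blobs not required for the corresponding sparse-checkout", which describes behaviour the tests below now assert is rejected. Suggest rewording those lines to say what the section checks now (that `--filter=sparse:path=<path>` is refused), and dropping the `# !!!!` markers in favour of a plain sentence. The same applies to the matching comment hunk in t/t6112-rev-list-filters-objects.sh (@@ -157,6 +157,10).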
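Review bot: In t/t5317-pack-objects-filter-objects.sh (@@ -315,73 +319,24), the two new tests assert only `test_must_fail git -C r3 pack-objects --revs --stdout --filter=sparse:path=../pattern1`, so they pass on any failure of pack-objects, not specifically on the filter being refused. Suggest capturing stderr (for example `2>err`) and checking it for the rejection message, so that an unrelated breakage in r3 cannot keep these tests green. Also note that the removed version redirected `--stdout` to `filter.pack` and the new one does not; redirecting stdout to a file would keep any pack data out of the test output if the command ever stopped failing.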
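Review bot: In t/t6112-rev-list-filters-objects.sh (@@ -176,37 +180,20), both new tests point `--filter=sparse:path=` at files that the unchanged setup still creates (`echo sparse1 >pattern2`), and they differ only in the file name, so they do not show that the refusal is independent of the file. Since the commit message names reading arbitrary files and exploring the filesystem as the issue, suggest replacing one of the two with a case whose path does not exist and checking that both fail with the same message on stderr, which demonstrates the path is never consulted. `--quiet` and `--filter-print-omitted` are carried over from the removed tests and are not needed for a failure check.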