fsck: reject submodule.update = !command in .gitmodules
This allows hosting providers to detect whether they are being used
to attack users using malicious 'update = !command' settings in
.gitmodules.
Since ac1fbbda20
(submodule: do not copy unknown update mode from
.gitmodules, 2013-12-02), in normal cases such settings have been
treated as 'update = none', so forbidding them should not produce any
collateral damage to legitimate uses. A quick search does not reveal
any repositories making use of this construct, either.
Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
parent
bdfef0492c
commit
bb92255ebe
7
fsck.c
7
fsck.c
@ -66,6 +66,7 @@ static struct oidset gitmodules_done = OIDSET_INIT;
|
||||
FUNC(GITMODULES_SYMLINK, ERROR) \
|
||||
FUNC(GITMODULES_URL, ERROR) \
|
||||
FUNC(GITMODULES_PATH, ERROR) \
|
||||
FUNC(GITMODULES_UPDATE, ERROR) \
|
||||
/* warnings */ \
|
||||
FUNC(BAD_FILEMODE, WARN) \
|
||||
FUNC(EMPTY_NAME, WARN) \
|
||||
@ -975,6 +976,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
|
||||
FSCK_MSG_GITMODULES_PATH,
|
||||
"disallowed submodule path: %s",
|
||||
value);
|
||||
if (!strcmp(key, "update") && value &&
|
||||
parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
|
||||
data->ret |= report(data->options, data->obj,
|
||||
FSCK_MSG_GITMODULES_UPDATE,
|
||||
"disallowed submodule update setting: %s",
|
||||
value);
|
||||
free(name);
|
||||
|
||||
return 0;
|
||||
|
@ -414,6 +414,20 @@ test_expect_success 'submodule update - command in .gitmodules is rejected' '
|
||||
test_must_fail git -C super submodule update submodule
|
||||
'
|
||||
|
||||
test_expect_success 'fsck detects command in .gitmodules' '
|
||||
git init command-in-gitmodules &&
|
||||
(
|
||||
cd command-in-gitmodules &&
|
||||
git submodule add ../submodule submodule &&
|
||||
test_commit adding-submodule &&
|
||||
|
||||
git config -f .gitmodules submodule.submodule.update "!false" &&
|
||||
git add .gitmodules &&
|
||||
test_commit configuring-update &&
|
||||
test_must_fail git fsck
|
||||
)
|
||||
'
|
||||
|
||||
cat << EOF >expect
|
||||
Execution of 'false $submodulesha1' failed in submodule path 'submodule'
|
||||
EOF
|
||||
|
Loading…
Reference in New Issue
Block a user