abort on suspicious ref names
(and the other Dan Carpenter finding too, while we're about it!) Note that neither of these is an actual issue, (and even less likely now that gitolite is pure perl and no shell metas used) but it's just playing safe.
This commit is contained in:
parent
999f9cd39d
commit
139c08d3a1
|
@ -71,6 +71,9 @@ sub access {
|
|||
my $deny_rules = option($repo, 'deny-rules');
|
||||
load($repo);
|
||||
|
||||
# sanity check the only piece the user can control
|
||||
_die "invalid characters in ref or filename: $ref\n" unless $ref =~ $REF_OR_FILENAME_PATT;
|
||||
|
||||
# when a real repo doesn't exist, ^C is a pre-requisite for any other
|
||||
# check to give valid results.
|
||||
if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
|
||||
|
|
|
@ -45,6 +45,10 @@ sub in_http {
|
|||
}
|
||||
|
||||
sub in_ssh {
|
||||
$ENV{SSH_ORIGINAL_COMMAND} ||= '';
|
||||
my $soc = $ENV{SSH_ORIGINAL_COMMAND};
|
||||
$soc =~ s/[\n\r]+/<<newline>>/g;
|
||||
_die "I don't like newlines in the command: $soc\n" if $ENV{SSH_ORIGINAL_COMMAND} ne $soc;
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
|
101
t/invalid-refnames-filenames.t
Executable file
101
t/invalid-refnames-filenames.t
Executable file
|
@ -0,0 +1,101 @@
|
|||
#!/usr/bin/perl
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
# this is hardcoded; change it if needed
|
||||
use lib "src";
|
||||
use Gitolite::Test;
|
||||
|
||||
# invalid refnames
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
try "plan 57";
|
||||
try "DEF POK = !/DENIED/; !/failed to push/";
|
||||
|
||||
confreset; confadd '
|
||||
repo aa
|
||||
RW+ = @all
|
||||
';
|
||||
|
||||
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
||||
|
||||
try "
|
||||
|
||||
cd ..
|
||||
rm -rf aa
|
||||
glt clone u1 file:///aa
|
||||
cd aa
|
||||
tc v-869
|
||||
|
||||
glt push u1 origin HEAD
|
||||
/To file:///aa/
|
||||
POK; /\\* \\[new branch\\] HEAD -> master/
|
||||
|
||||
# push file aa,bb ok
|
||||
tc aa,bb
|
||||
glt push u1 origin HEAD
|
||||
/To file:///aa/
|
||||
POK; /HEAD -> master/
|
||||
|
||||
# push file aa=bb ok
|
||||
tc aa=bb
|
||||
glt push u1 origin HEAD
|
||||
/To file:///aa/
|
||||
POK; /HEAD -> master/
|
||||
|
||||
# push to branch dd,ee ok
|
||||
glt push u1 origin master:dd,ee
|
||||
/To file:///aa/
|
||||
POK; /\\* \\[new branch\\] master -> dd,ee/
|
||||
|
||||
# push to branch dd=ee fail
|
||||
glt push u1 origin master:dd=ee
|
||||
/invalid characters in ref or filename: refs/heads/dd=ee/
|
||||
reject
|
||||
";
|
||||
|
||||
confreset; confadd '
|
||||
repo aa
|
||||
RW+ = @all
|
||||
RW+ NAME/ = @all
|
||||
';
|
||||
|
||||
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
||||
|
||||
try "
|
||||
|
||||
cd ..
|
||||
rm -rf aa
|
||||
glt clone u1 file:///aa
|
||||
cd aa
|
||||
tc file-1
|
||||
|
||||
glt push u1 origin HEAD
|
||||
/To file:///aa/
|
||||
POK; /\\* \\[new branch\\] HEAD -> master/
|
||||
|
||||
# push file aa,bb ok
|
||||
tc aa,bb
|
||||
glt push u1 origin HEAD
|
||||
/To file:///aa/
|
||||
POK; /HEAD -> master/
|
||||
|
||||
# push file aa=bb fail
|
||||
tc aa=bb
|
||||
glt push u1 origin HEAD
|
||||
/To file:///aa/
|
||||
/invalid characters in ref or filename: VREF/NAME/aa=bb/
|
||||
reject
|
||||
|
||||
# push to branch dd,ee ok
|
||||
git reset --hard HEAD^
|
||||
tc some-file
|
||||
glt push u1 origin master:dd,ee
|
||||
/To file:///aa/
|
||||
POK; /\\* \\[new branch\\] master -> dd,ee/
|
||||
|
||||
# push to branch dd=ee fail
|
||||
glt push u1 origin master:dd=ee
|
||||
/invalid characters in ref or filename: refs/heads/dd=ee/
|
||||
reject
|
||||
";
|
Loading…
Reference in a new issue