source.dussan.org Git - jgit.git/commit

]> source.dussan.org Git - jgit.git/commit

author	Ivan Frade <ifrade@google.com>
	Mon, 1 Oct 2018 20:44:00 +0000 (13:44 -0700)
committer	Matthias Sohn <matthias.sohn@sap.com>
	Fri, 5 Oct 2018 21:49:00 +0000 (23:49 +0200)
commit	e4c28665b60140f43e2caaa7926fa51e093682d5
tree	7b9c8200e2607021e54db84aaac55d8aea7153eb	tree \| snapshot
parent	3ed3eafbd18054ce502969e212b1de34f1ffc776	commit \| diff

BaseReceivePack: Validate incoming .gitmodules files

The main concern are submodule urls starting with '-' that could pass as
options to an unguarded tool.

Pass through the parser the ids of blobs identified as .gitmodules
files in the ObjectChecker. Load the blobs and parse/validate them
in SubmoduleValidator.

Change-Id: Ia0cc32ce020d288f995bf7bc68041fda36be1963
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

JGit, the Java implementation of git: https://github.com/eclipse-jgit/jgit

RSS Atom

org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/ReceivePackAdvertiseRefsHookTest.java		diff \| blob \| history
org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/internal/submodule/SubmoduleValidator.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/transport/BaseReceivePack.java		diff \| blob \| history