From: Florian Zschocke Date: Mon, 10 Jun 2019 14:37:15 +0000 (+0200) Subject: Do not resolve symbolic links to repositories. X-Git-Tag: r1.9.0~46 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d52dfc25d592b3e88ace4bcd30aff1fb665b88e5;p=gitblit.git Do not resolve symbolic links to repositories. When symbolic links under the base repository folder point to repositories outside the base repository folder, the forming of relative repository names failed and resulted in NullPointerExceptions. Create the relative path by not following symbolic links, i.e. the link name is taken as is and not resolved to the external path. This also changes the whole `exactPath` method to work on Paths, instead of Files. Fixes #891 and fixes #837. --- diff --git a/src/main/java/com/gitblit/utils/FileUtils.java b/src/main/java/com/gitblit/utils/FileUtils.java index ad2509d0..0a12229c 100644 --- a/src/main/java/com/gitblit/utils/FileUtils.java +++ b/src/main/java/com/gitblit/utils/FileUtils.java @@ -26,6 +26,7 @@ import java.io.IOException; import java.io.InputStreamReader; import java.io.OutputStreamWriter; import java.nio.charset.Charset; +import java.nio.file.LinkOption; import java.nio.file.Path; import java.nio.file.Paths; @@ -302,8 +303,8 @@ public class FileUtils { * @return a relative path from basePath to path */ public static String getRelativePath(File basePath, File path) { - Path exactBase = Paths.get(getExactFile(basePath).toURI()); - Path exactPath = Paths.get(getExactFile(path).toURI()); + Path exactBase = getExactPath(basePath); + Path exactPath = getExactPath(path); if (exactPath.startsWith(exactBase)) { return exactBase.relativize(exactPath).toString().replace('\\', '/'); } @@ -312,20 +313,28 @@ public class FileUtils { } /** - * Returns the exact path for a file. This path will be the canonical path - * unless an exception is thrown in which case it will be the absolute path. + * Returns the exact path for a file. This path will be the real path + * with symbolic links unresolved. If that produces an IOException, + * the path will be the canonical path unless an exception is thrown + * in which case it will be the absolute path. * * @param path * @return the exact file */ - public static File getExactFile(File path) { + private static Path getExactPath(File path) { try { - return path.getCanonicalFile(); + return path.toPath().toRealPath(LinkOption.NOFOLLOW_LINKS); } catch (IOException e) { - return path.getAbsoluteFile(); + // ignored, try next option + } + try { + return Paths.get(path.getCanonicalPath()); + } catch (IOException e) { + return Paths.get(path.getAbsolutePath()); } } + public static File resolveParameter(String parameter, File aFolder, String path) { if (aFolder == null) { // strip any parameter reference diff --git a/src/test/java/com/gitblit/tests/JGitUtilsTest.java b/src/test/java/com/gitblit/tests/JGitUtilsTest.java index b133a8c8..5f083555 100644 --- a/src/test/java/com/gitblit/tests/JGitUtilsTest.java +++ b/src/test/java/com/gitblit/tests/JGitUtilsTest.java @@ -17,6 +17,10 @@ package com.gitblit.tests; import java.io.File; import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; import java.text.SimpleDateFormat; import java.util.Arrays; import java.util.Date; @@ -51,6 +55,8 @@ import com.gitblit.utils.JGitUtils; import com.gitblit.utils.JnaUtils; import com.gitblit.utils.StringUtils; +import static org.junit.Assume.assumeTrue; + public class JGitUtilsTest extends GitblitUnitTest { @Test @@ -74,6 +80,117 @@ public class JGitUtilsTest extends GitblitUnitTest { assertTrue("No repositories found in " + GitBlitSuite.REPOSITORIES, list.size() > 0); } + @Test + public void testFindRepositoriesSymLinked() { + + String reposdirName = "gitrepos"; + String repositoryName = "test-linked.git"; + File extrepodir = new File(GitBlitSuite.REPOSITORIES.getParent(), reposdirName); + Path symlink = null; + Path alink = null; + try { + Path link = Paths.get( GitBlitSuite.REPOSITORIES.toString(), "test-rln.git"); + Path target = Paths.get("../" + reposdirName,repositoryName); + symlink = Files.createSymbolicLink(link, target); + + link = Paths.get( GitBlitSuite.REPOSITORIES.toString(), "test-ln.git"); + target = Paths.get(extrepodir.getCanonicalPath(), repositoryName); + alink = Files.createSymbolicLink(link, target); + } + catch (UnsupportedOperationException e) { + assumeTrue("No symbolic links supported.", false); + } + catch (IOException ioe) { + try { + if (symlink != null) Files.delete(symlink); + if (alink != null) Files.delete(alink); + } + catch (IOException ignored) {} + fail(ioe.getMessage()); + } + + + Path extDir = null; + Repository repository = null; + + String testDirName = "test-linked"; + String testTestDirName = "test-linked/test"; + Path testDir = Paths.get(GitBlitSuite.REPOSITORIES.toString(),testDirName); + Path testTestDir = Paths.get(GitBlitSuite.REPOSITORIES.toString(),testTestDirName); + Path linkTestRepo = null; + Path linkTestTestRepo = null; + Path linkExtDir = null; + try { + List list = JGitUtils.getRepositoryList(GitBlitSuite.REPOSITORIES, true, true, -1, null); + int preSize = list.size(); + + // Create test repo. This will make the link targets exist, so that the number of repos increases by two. + extDir = Files.createDirectory(extrepodir.toPath()); + repository = JGitUtils.createRepository(extrepodir, repositoryName); + + list = JGitUtils.getRepositoryList(GitBlitSuite.REPOSITORIES, true, true, -1, null); + assertEquals("No linked repositories found in " + GitBlitSuite.REPOSITORIES, 2, (list.size() - preSize)); + + list = JGitUtils.getRepositoryList(GitBlitSuite.REPOSITORIES, true, true, -1, Arrays.asList(".*ln\\.git")); + assertEquals("Filtering out linked repos failed.", preSize, list.size()); + + // Create subdirectories and place links into them + Files.createDirectories(testTestDir); + + Path target = Paths.get(extrepodir.getCanonicalPath(), repositoryName); + Path link = Paths.get(testDir.toString(), "test-ln-one.git"); + linkTestRepo = Files.createSymbolicLink(link, target); + link = Paths.get(testTestDir.toString(), "test-ln-two.git"); + linkTestTestRepo = Files.createSymbolicLink(link, target); + + list = JGitUtils.getRepositoryList(GitBlitSuite.REPOSITORIES, true, true, -1, null); + assertEquals("No linked repositories found in subdirectories of " + GitBlitSuite.REPOSITORIES, 4, (list.size() - preSize)); + assertTrue("Did not find linked repo test-ln-one.git", list.contains(testDirName + "/test-ln-one.git")); + assertTrue("Did not find linked repo test-ln-two.git", list.contains(testTestDirName + "/test-ln-two.git")); + list = JGitUtils.getRepositoryList(new File(testDir.toString()), true, true, -1, null); + assertEquals("No linked repositories found in subdirectories of " + testDir, 2, list.size()); + assertTrue("Did not find linked repo test-ln-one.git", list.contains("test-ln-one.git")); + assertTrue("Did not find linked repo test-ln-two.git", list.contains("test/test-ln-two.git")); + + + // Create link to external directory with repos + target = Paths.get(extrepodir.getCanonicalPath()); + link = Paths.get(testDir.toString(), "test-linked"); + linkExtDir = Files.createSymbolicLink(link, target); + + list = JGitUtils.getRepositoryList(GitBlitSuite.REPOSITORIES, true, true, -1, null); + assertEquals("No repositories found in linked subdirectories of " + GitBlitSuite.REPOSITORIES, 5, (list.size() - preSize)); + assertTrue("Did not find repo in linked subfolder.", list.contains(testDirName + "/test-linked/" + repositoryName)); + + list = JGitUtils.getRepositoryList(new File(testDir.toString()), true, true, -1, null); + assertEquals("No repositories found in linked subdirectories of " + testDir, 3, list.size()); + assertTrue("Did not find repo in linked subfolder.", list.contains("test-linked/" + repositoryName)); + + } catch (IOException e) { + fail(e.toString()); + } finally { + try { + if (repository != null) { + repository.close(); + RepositoryCache.close(repository); + FileUtils.delete(repository.getDirectory(), FileUtils.RECURSIVE); + } + if (extDir != null) Files.delete(extDir); + if (symlink != null) Files.delete(symlink); + if (alink != null) Files.delete(alink); + + if (linkExtDir != null) Files.deleteIfExists(linkExtDir); + if (linkTestTestRepo != null) Files.deleteIfExists(linkTestTestRepo); + if (linkTestRepo != null) Files.deleteIfExists(linkTestRepo); + + Files.deleteIfExists(testTestDir); + Files.deleteIfExists(testDir); + } + catch (IOException ignored) {} + } + + } + @Test public void testFindExclusions() { List list = JGitUtils.getRepositoryList(GitBlitSuite.REPOSITORIES, false, true, -1, null);