diff options
author | Masaya Suzuki <masayasuzuki@google.com> | 2018-07-12 08:32:32 -0700 |
---|---|---|
committer | Jonathan Nieder <jrn@google.com> | 2018-07-12 12:27:28 -0700 |
commit | 579bff6653991e2a2a6c98d440ed00dbd9748a17 (patch) | |
tree | d87208f74b54745dccc5a553b2562d77b8d9b7f0 /org.eclipse.jgit.test/tst/org | |
parent | 263a8c1c06f9a237520959934dc0a8b93b56a2f4 (diff) | |
download | jgit-579bff6653991e2a2a6c98d440ed00dbd9748a17.tar.gz jgit-579bff6653991e2a2a6c98d440ed00dbd9748a17.zip |
Add API to specify the submodule name
Currently SubmoduleAddCommand always uses the path as submodule name.
This patch lets the caller specify a submodule name.
SubmoduleUpdateCommand still does not make use of the submodule name
(see bug 535027) but Git does. To avoid triggering CVE-2018-11235,
do some validation on the name to avoid '..' path components.
[jn: fleshed out commit message, mostly to work around flaky CI]
Change-Id: I6879c043c6d7973556e2080387f23c246e3d76a5
Signed-off-by: Masaya Suzuki <masayasuzuki@google.com>
Signed-off-by: Jonathan Nieder <jrn@google.com>
Diffstat (limited to 'org.eclipse.jgit.test/tst/org')
-rw-r--r-- | org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java index 1a67e41976..0676eab2d6 100644 --- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java @@ -136,7 +136,49 @@ public class SubmoduleAddTest extends RepositoryTestCase { } SubmoduleWalk generator = SubmoduleWalk.forIndex(db); + generator.loadModulesConfig(); assertTrue(generator.next()); + assertEquals(path, generator.getModuleName()); + assertEquals(path, generator.getPath()); + assertEquals(commit, generator.getObjectId()); + assertEquals(uri, generator.getModulesUrl()); + assertEquals(path, generator.getModulesPath()); + assertEquals(uri, generator.getConfigUrl()); + try (Repository subModRepo = generator.getRepository()) { + assertNotNull(subModRepo); + assertEquals(subCommit, commit); + } + + Status status = Git.wrap(db).status().call(); + assertTrue(status.getAdded().contains(Constants.DOT_GIT_MODULES)); + assertTrue(status.getAdded().contains(path)); + } + } + + @Test + public void addSubmoduleWithName() throws Exception { + try (Git git = new Git(db)) { + writeTrashFile("file.txt", "content"); + git.add().addFilepattern("file.txt").call(); + RevCommit commit = git.commit().setMessage("create file").call(); + + SubmoduleAddCommand command = new SubmoduleAddCommand(db); + String name = "testsub"; + command.setName(name); + String path = "sub"; + command.setPath(path); + String uri = db.getDirectory().toURI().toString(); + command.setURI(uri); + ObjectId subCommit; + try (Repository repo = command.call()) { + assertNotNull(repo); + subCommit = repo.resolve(Constants.HEAD); + } + + SubmoduleWalk generator = SubmoduleWalk.forIndex(db); + generator.loadModulesConfig(); + assertTrue(generator.next()); + assertEquals(name, generator.getModuleName()); assertEquals(path, generator.getPath()); assertEquals(commit, generator.getObjectId()); assertEquals(uri, generator.getModulesUrl()); @@ -268,4 +310,18 @@ public class SubmoduleAddTest extends RepositoryTestCase { ConfigConstants.CONFIG_KEY_URL)); } } + + @Test + public void denySubmoduleWithDotDot() throws Exception { + SubmoduleAddCommand command = new SubmoduleAddCommand(db); + command.setName("dir/../"); + command.setPath("sub"); + command.setURI(db.getDirectory().toURI().toString()); + try { + command.call(); + fail(); + } catch (IllegalArgumentException e) { + // Expected + } + } } |