author | Shawn Pearce <spearce@spearce.org> | 2017-12-13 17:35:38 -0800 |
---|---|---|
committer | Shawn Pearce <spearce@spearce.org> | 2017-12-13 17:50:52 -0800 |
commit | 3a7704638abf5d221a05509291e7c49ad1ac63ba (patch) | |
tree | ebcde3951a6e156f4ccf9a003cb9a91a342b2ae7 /org.eclipse.jgit.test | |
parent | f635aa51f8d6d0aaa11679605cfbb4c720567baf (diff) | |
Make Config.readIncludedConfig a noop by default
The Config class must be safe to run against untrusted input files.
Reading arbitrary local system paths using include.path is risky for
servers, including Gerrit Code Review. Return null by default to
indicate the include should be ignored.
Only FileBasedConfig which originated from local disk should be trying
to read local system paths. FileBasedConfig already overrides this
method with its own implementation.
Change-Id: I2ff31753868aa1bbac4a6843a4c23e50bd6f46f3
Diffstat (limited to 'org.eclipse.jgit.test')
-rw-r--r-- | org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/ConfigTest.java | 18 |
1 files changed, 3 insertions, 15 deletions
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/ConfigTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/ConfigTest.java
index 3f4478a771..3deb7a60f4 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/ConfigTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/ConfigTest.java
@@ -833,27 +833,15 @@ public class ConfigTest {
 }
 @Test
- public void testInclude() throws IOException, ConfigInvalidException {
+ public void testIncludeIsNoop() throws IOException, ConfigInvalidException {
 File config = tmp.newFile("config");
- File more = tmp.newFile("config.more");
- File other = tmp.newFile("config.other");
 String fooBar = "[foo]\nbar=true\n";
- String includeMore = "[include]\npath=" + pathToString(more) + "\n";
- String includeOther = "path=" + pathToString(other) + "\n";
- String fooPlus = fooBar + includeMore + includeOther;
+ String fooPlus = fooBar;
 Files.write(config.toPath(), fooPlus.getBytes());
- String fooMore = "[foo]\nmore=bar\n";
- Files.write(more.toPath(), fooMore.getBytes());
-
- String otherMore = "[other]\nmore=bar\n";
- Files.write(other.toPath(), otherMore.getBytes());
-
 Config parsed = parse("[include]\npath=" + pathToString(config) + "\n");
- assertTrue(parsed.getBoolean("foo", "bar", false));
- assertEquals("bar", parsed.getString("foo", null, "more"));
- assertEquals("bar", parsed.getString("other", null, "more"));
+ assertFalse(parsed.getBoolean("foo", "bar", false));
 }
 private static void assertReadLong(long exp) throws ConfigInvalidException { |
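Review bot: The single assertion in `testIncludeIsNoop`, `assertFalse(parsed.getBoolean("foo", "bar", false))`, uses `false` as both the default and the expected value, so it also passes when the included file is missing, unreadable or its path is mis-escaped; the test cannot tell "include ignored" from "include broken". Because this is the regression test for not following `include.path` from untrusted config text, I would add a control showing the directive itself was parsed, for example `assertNotNull(parsed.getString("include", null, "path"));` (this assumes Config keeps the include entry, which is not visible here and should be confirmed). A companion FileBasedConfig case, if one does not already exist outside this hunk, would show that the same file is still read when the config originates from local disk. Separately, `String fooPlus = fooBar;` is a leftover alias from the old test, and writing `fooBar.getBytes()` directly would read more clearly.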