author | Ivan Frade <ifrade@google.com> | 2018-09-24 16:03:35 -0700 |
committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-10-05 21:38:22 +0200 |
commit | db9f7b028d8086e5fc66364e9beba1e3a2b99d48 (patch) | |
tree | c59d61cd0b329aa487d173c7dfec48e696792fd4 /org.eclipse.jgit.test | |
parent | e5a4c0d17e532824e0d379cb1c322296b07c73f9 (diff) | |
SubmoduleAddCommand: Reject submodule URIs that look like cli options
In C git versions before 2.19.1, the submodule is fetched by running
"git clone <uri> <path>". A URI starting with "-" would be interpreted
as an option, causing security problems. See CVE-2018-17456.
Refuse to add submodules whose URIs, names or paths start with "-",
since they could be confused with command line arguments.
[jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's
dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify
the submodule name, 2018-07-12) along for the ride]
Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Diffstat (limited to 'org.eclipse.jgit.test')
-rw-r--r-- | org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java
index 5c46659c0a..93f47090a3 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java
@@ -183,6 +183,37 @@ public class SubmoduleAddTest extends RepositoryTestCase {
 }
 @Test
+ public void addSubmoduleWithInvalidPath() throws Exception {
+ SubmoduleAddCommand command = new SubmoduleAddCommand(db);
+ command.setPath("-invalid-path");
+ // TODO(ms) set name to a valid value in 5.1.0 and adapt expected
+ // message below
+ command.setURI("http://example.com/repo/x.git");
+ try {
+ command.call().close();
+ fail("Exception not thrown");
+ } catch (IllegalArgumentException e) {
+ // TODO(ms) should check for submodule path, but can't set name
+ // before 5.1.0
+ assertEquals("Invalid submodule name '-invalid-path'",
+ e.getMessage());
+ }
+ }
+
+ @Test
+ public void addSubmoduleWithInvalidUri() throws Exception {
+ SubmoduleAddCommand command = new SubmoduleAddCommand(db);
+ command.setPath("valid-path");
+ command.setURI("-upstream");
+ try {
+ command.call().close();
+ fail("Exception not thrown");
+ } catch (IllegalArgumentException e) {
+ assertEquals("Invalid submodule URL '-upstream'", e.getMessage());
+ }
+ }
+
+ @Test
 public void addSubmoduleWithRelativeUri() throws Exception {
 try (Git git = new Git(db)) {
 writeTrashFile("file.txt", "content");
@@ -269,4 +300,4 @@ public class SubmoduleAddTest extends RepositoryTestCase {
 ConfigConstants.CONFIG_KEY_URL));
 }
 }
-}
\ No newline at end of file
+}
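Review bot: The two new tests `addSubmoduleWithInvalidPath` and `addSubmoduleWithInvalidUri` assert only the exception message, so they would still pass if the command rejected the "-"-prefixed value after it had already created the submodule directory or written the `.gitmodules` entry; the property worth pinning is that the rejection happens before any side effect, so each catch block should also assert something like `assertFalse(new File(db.getWorkTree(), "-invalid-path").exists());` (and the equivalent for `valid-path` in the URI test). The commit message says the backported dotdot check comes along for the ride, yet no test here exercises a path or name containing `..`; if that check is part of this change, a third test in the same shape would cover it. Comparing the full message text also ties both tests to wording the in-line TODO already expects to change in 5.1.0; asserting the exception type plus that the message contains the offending value would survive that rewording without losing the check.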