Author | SHA1 | Message | Date |
---|---|---|---|
Ivan Frade | 9372791fcf | SubmoduleValidator: Always throw SubmoduleValidationException<br>The fsck test needs more detail about the error than an IOException with an explanatory message. Add an error identifier to the SubmoduleValidatorException and make it the only throwable exception when parsing a file.<br>Change-Id: Ic3f0955b497e1681b25e681e1282e876cdf3d2c5<br>Signed-off-by: Ivan Frade <ifrade@google.com> | 5 years ago |
David Pursehouse | 26e7a74601 | SubmoduleValidator: Remove unused import of ConfigConstants<br>Change-Id: I6afe5690bf9d1f1f4d414aa618daefc8b48d217e<br>Signed-off-by: David Pursehouse <david.pursehouse@gmail.com> | 5 years ago |
Jonathan Nieder | d3eaf1007b | SubmoduleValidator: Permit missing path or url<br>A .gitmodules file can include a submodule without a path to configure the URL for a submodule that is only present on other branches. A .gitmodules file can include a submodule with no URL and no path to reserve the name for a submodule that existed in earlier history but is not available from any URL any more. "git fsck" permits both of these cases. Permit them in JGit as well (instead of throwing NullPointerException).<br>Change-Id: I3b442639ad79ea7a59227f96406a12e62d3573ae<br>Reported-by: David Pursehouse <david.pursehouse@gmail.com><br>Signed-off-by: Jonathan Nieder <jrn@google.com> | 5 years ago |
Ivan Frade | e4c28665b6 | BaseReceivePack: Validate incoming .gitmodules files<br>The main concern is submodule urls starting with '-' that could pass as options to an unguarded tool. Pass through the parser the ids of blobs identified as .gitmodules files in the ObjectChecker. Load the blobs and parse/validate them in SubmoduleValidator.<br>Change-Id: Ia0cc32ce020d288f995bf7bc68041fda36be1963<br>Signed-off-by: Ivan Frade <ifrade@google.com><br>Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> | 5 years ago |
Ivan Frade | db9f7b028d | SubmoduleAddCommand: Reject submodule URIs that look like cli options<br>In C git versions before 2.19.1, the submodule is fetched by running "git clone <uri> <path>". A URI starting with "-" would be interpreted as an option, causing security problems. See CVE-2018-17456. Refuse to add submodules with URIs, names or paths starting with "-", that could be confused with command line arguments. [jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify the submodule name, 2018-07-12) along for the ride]<br>Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017<br>Signed-off-by: Ivan Frade <ifrade@google.com><br>Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> | 5 years ago |