Ivan Frade
db9f7b028d
SubmoduleAddCommand: Reject submodule URIs that look like cli options
In C git versions before 2.19.1, the submodule is fetched by running "git clone <uri> <path>". A URI starting with "-" would be interpreted as an option, causing security problems. See CVE-2018-17456. Refuse to add submodules with URIs, names or paths starting with "-", that could be confused with command line arguments. [jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify the submodule name, 2018-07-12) along for the ride] Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017 Signed-off-by: Ivan Frade <ifrade@google.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
5 years ago | |
---|---|---|
.. | ||
SubmoduleAddTest.java | SubmoduleAddCommand: Reject submodule URIs that look like cli options | 5 years ago |
SubmoduleInitTest.java | Enable and fix 'Should be tagged with @Override' warning | 7 years ago |
SubmoduleStatusTest.java | Enable and fix 'Should be tagged with @Override' warning | 7 years ago |
SubmoduleSyncTest.java | Enable and fix 'Should be tagged with @Override' warning | 7 years ago |
SubmoduleUpdateTest.java | Enable and fix 'Should be tagged with @Override' warning | 7 years ago |
SubmoduleWalkTest.java | Enable and fix warnings about redundant specification of type arguments | 7 years ago |