mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6105 Commits
49 Branches
Tree: 23ebbe5662
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '23ebbe5662'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/internal/submodule/SubmoduleValidator.java

SubmoduleValidator.java 6.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. /*

  2.  * Copyright (C) 2018, Google LLC.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. package org.eclipse.jgit.internal.submodule;

  44. 

  45. import java.io.IOException;

  46. import java.text.MessageFormat;

  47. 

  48. import org.eclipse.jgit.errors.ConfigInvalidException;

  49. import org.eclipse.jgit.internal.JGitText;

  50. import org.eclipse.jgit.lib.Config;

  51. import org.eclipse.jgit.lib.ConfigConstants;

  52. 

  53. /**

  54.  * Validations for the git submodule fields (name, path, uri).

  55.  *

  56.  * Invalid values in these fields can cause security problems as reported in

  57.  * CVE-2018-11235 and and CVE-2018-17456

  58.  */

  59. public class SubmoduleValidator {

  60. 

  61. 	/**

  62. 	 * Error validating a git submodule declaration

  63. 	 */

  64. 	public static class SubmoduleValidationException extends Exception {

  65. 

  66. 		/**

  67. 		 * @param message

  68. 		 *            Description of the problem

  69. 		 */

  70. 		public SubmoduleValidationException(String message) {

  71. 			super(message);

  72. 		}

  73. 

  74. 		private static final long serialVersionUID = 1L;

  75. 	}

  76. 

  77. 	/**

  78. 	 * Validate name for a submodule

  79. 	 *

  80. 	 * @param name

  81. 	 *            name of a submodule

  82. 	 * @throws SubmoduleValidationException

  83. 	 *             name doesn't seem valid (detail in message)

  84. 	 */

  85. 	public static void assertValidSubmoduleName(String name)

  86. 			throws SubmoduleValidationException {

  87. 		if (name.contains("/../") || name.contains("\\..\\") //$NON-NLS-1$ //$NON-NLS-2$

  88. 				|| name.startsWith("../") || name.startsWith("..\\") //$NON-NLS-1$ //$NON-NLS-2$

  89. 				|| name.endsWith("/..") || name.endsWith("\\..")) { //$NON-NLS-1$ //$NON-NLS-2$

  90. 			// Submodule names are used to store the submodule repositories

  91. 			// under $GIT_DIR/modules. Having ".." in submodule names makes a

  92. 			// vulnerability (CVE-2018-11235

  93. 			// https://bugs.eclipse.org/bugs/show_bug.cgi?id=535027#c0)

  94. 			// Reject names containing ".." path segments. We don't

  95. 			// automatically replace these characters or canonicalize by

  96. 			// regarding the name as a file path.

  97. 			// Since Path class is platform dependent, we manually check '/' and

  98. 			// '\\' patterns here.

  99. 			throw new SubmoduleValidationException(MessageFormat

  100. 					.format(JGitText.get().invalidNameContainsDotDot, name));

  101. 		}

  102. 

  103. 		if (name.startsWith("-")) { //$NON-NLS-1$

  104. 			throw new SubmoduleValidationException(

  105. 					MessageFormat.format(

  106. 							JGitText.get().submoduleNameInvalid, name));

  107. 		}

  108. 	}

  109. 

  110. 	/**

  111. 	 * Validate URI for a submodule

  112. 	 *

  113. 	 * @param uri

  114. 	 *            uri of a submodule

  115. 	 * @throws SubmoduleValidationException

  116. 	 *             uri doesn't seem valid

  117. 	 */

  118. 	public static void assertValidSubmoduleUri(String uri)

  119. 			throws SubmoduleValidationException {

  120. 		if (uri.startsWith("-")) { //$NON-NLS-1$

  121. 			throw new SubmoduleValidationException(

  122. 					MessageFormat.format(

  123. 							JGitText.get().submoduleUrlInvalid, uri));

  124. 		}

  125. 	}

  126. 

  127. 	/**

  128. 	 * Validate path for a submodule

  129. 	 *

  130. 	 * @param path

  131. 	 *            path of a submodule

  132. 	 * @throws SubmoduleValidationException

  133. 	 *             path doesn't look right

  134. 	 */

  135. 	public static void assertValidSubmodulePath(String path)

  136. 			throws SubmoduleValidationException {

  137. 

  138. 		if (path.startsWith("-")) { //$NON-NLS-1$

  139. 			throw new SubmoduleValidationException(

  140. 					MessageFormat.format(

  141. 							JGitText.get().submodulePathInvalid, path));

  142. 		}

  143. 	}

  144. 

  145. 	/**

  146. 	 * @param gitModulesContents

  147. 	 *            Contents of a .gitmodule file. They will be parsed internally.

  148. 	 * @throws IOException

  149. 	 *             If the contents

  150. 	 */

  151. 	public static void assertValidGitModulesFile(String gitModulesContents)

  152. 			throws IOException {

  153. 		// Validate .gitmodules file

  154. 		Config c = new Config();

  155. 		try {

  156. 			c.fromText(gitModulesContents);

  157. 			for (String subsection : c.getSubsections(

  158. 					ConfigConstants.CONFIG_SUBMODULE_SECTION)) {

  159. 				String url = c.getString(

  160. 						ConfigConstants.CONFIG_SUBMODULE_SECTION,

  161. 						subsection, ConfigConstants.CONFIG_KEY_URL);

  162. 				assertValidSubmoduleUri(url);

  163. 

  164. 				assertValidSubmoduleName(subsection);

  165. 

  166. 				String path = c.getString(

  167. 						ConfigConstants.CONFIG_SUBMODULE_SECTION, subsection,

  168. 						ConfigConstants.CONFIG_KEY_PATH);

  169. 				assertValidSubmodulePath(path);

  170. 			}

  171. 		} catch (ConfigInvalidException e) {

  172. 			throw new IOException(

  173. 					MessageFormat.format(

  174. 							JGitText.get().invalidGitModules,

  175. 							e));

  176. 		} catch (SubmoduleValidationException e) {

  177. 			throw new IOException(e.getMessage(), e);

  178. 		}

  179. 	}

  180. }