delta/libgit2.git/tests/submodule, branch ethomson/https_proxy github.com: libgit2/libgit2.git object_type: use new enumeration names 2018-12-01T11:54:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-28T14:26:57+00:00 168fe39bea3368972a8b1a33d5908e73bc790c18 Use the new object_type enumeration names within the codebase. 
Use the new object_type enumeration names within the codebase.
submodule: add failing test for option-injection protection in url and path 2018-10-05T17:50:13+00:00 Carlos Martín Nieto cmn@dwim.me 2018-10-05T09:42:00+00:00 4e0bdaa877336efc9d42fe7c2a57d4cfe60e66a2 






Convert usage of `git_buf_free` to new `git_buf_dispose`
2018-06-10T17:34:37+00:00

Patrick Steinhardt
ps@pks.im

2018-02-08T11:14:48+00:00

ecf4f33a4e327a91496f72816f9f02d923e5af05












tests: submodule: do not rely on config iteration order
2018-06-06T09:32:14+00:00

Patrick Steinhardt
ps@pks.im

2018-06-06T07:23:01+00:00

8178c70ff43efdc0f176f32a7b6e5c8f55f3e67c

The test submodule::lookup::duplicated_path, which tries to verify that
we detect submodules with duplicated paths, currently relies on the
gitmodules file of "submod2_target". While this file has two gitmodules
with the same path, one of these gitmodules has an empty name and thus
does not pass `git_submodule_name_is_valid`. Because of this, the test
is in fact dependent on the iteration order in which we process the
submodules. In fact the "valid" submodule comes first, the "invalid"
submodule will cause the desired error. In fact the "invalid" submodule
comes first, it will be skipped due to its name being invalid, and we
will not see the desired error. While this works on the master branch
just right due to the refactoring of our config code, where iteration
order is now deterministic, this breaks on all older maintenance
branches.

Fix the issue by simply using `cl_git_rewritefile` to rewrite the
gitmodules file. This greatly simplifies the test and also makes the
intentions of it much clearer.





The test submodule::lookup::duplicated_path, which tries to verify that
we detect submodules with duplicated paths, currently relies on the
gitmodules file of "submod2_target". While this file has two gitmodules
with the same path, one of these gitmodules has an empty name and thus
does not pass `git_submodule_name_is_valid`. Because of this, the test
is in fact dependent on the iteration order in which we process the
submodules. In fact the "valid" submodule comes first, the "invalid"
submodule will cause the desired error. In fact the "invalid" submodule
comes first, it will be skipped due to its name being invalid, and we
will not see the desired error. While this works on the master branch
just right due to the refactoring of our config code, where iteration
order is now deterministic, this breaks on all older maintenance
branches.

Fix the issue by simply using `cl_git_rewritefile` to rewrite the
gitmodules file. This greatly simplifies the test and also makes the
intentions of it much clearer.







submodule: detect duplicated submodule paths
2018-05-30T08:35:12+00:00

Patrick Steinhardt
ps@pks.im

2018-05-30T06:35:06+00:00

b2a389c87019c729ffaf179a338236dd129b473c

When loading submodule names, we build a map of submodule paths and
their respective names. While looping over the configuration keys,
we do not check though whether a submodule path was seen already. This
leads to a memory leak in case we have multiple submodules with the same
path, as we just overwrite the old value in the map in that case.

Fix the error by verifying that the path to be added is not yet part of
the string map. Git does not allow to have multiple submodules for a
path anyway, so we now do the same and detect this duplication,
reporting it to the user.





When loading submodule names, we build a map of submodule paths and
their respective names. While looping over the configuration keys,
we do not check though whether a submodule path was seen already. This
leads to a memory leak in case we have multiple submodules with the same
path, as we just overwrite the old value in the map in that case.

Fix the error by verifying that the path to be added is not yet part of
the string map. Git does not allow to have multiple submodules for a
path anyway, so we now do the same and detect this duplication,
reporting it to the user.







submodule: plug leaks from the escape detection
2018-05-24T18:28:36+00:00

Carlos Martín Nieto
cmn@dwim.me

2018-05-24T18:28:36+00:00

9e723db877f3c310f826f517ebe509722aad22eb












submodule: also validate Windows-separated paths for validity
2018-05-14T15:30:59+00:00

Carlos Martín Nieto
carlosmn@github.com

2018-05-14T14:03:15+00:00

397abe9832a1baa7a822f4c63fa9730a3438aa7a

Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.

Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.





Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.

Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.







submodule: ignore submodules which include path traversal in their name
2018-05-09T18:29:49+00:00

Carlos Martín Nieto
cmn@dwim.me

2018-04-30T11:47:15+00:00

6b15ceac0ad19ab671995e9926b492e93703ed0f

If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.

This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.

The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.





If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.

This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.

The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.







submodule: add a failing test for a submodule escaping .git/modules
2018-04-30T11:03:44+00:00

Carlos Martín Nieto
cmn@dwim.me

2018-04-30T11:03:44+00:00

7553763aca0068fd331f2ba07fbe960605f04bb6

We should pretend such submdules do not exist as it can lead to RCE.





We should pretend such submdules do not exist as it can lead to RCE.







Merge pull request #4522 from csware/submodules-should-report-parse-errors
2018-04-17T13:32:56+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-04-17T13:32:56+00:00

286a6765f8c63158938663a0cf72b0d7fe381280

Submodules-API should report .gitmodules parse errors instead of ignoring them




Submodules-API should report .gitmodules parse errors instead of ignoring them