From 90243e8192574f43bb84be01528504ec230d7fd3 Mon Sep 17 00:00:00 2001

From: Pavel Cahyna <pcahyna@redhat.com>

Date: Fri, 19 Oct 2018 10:55:43 +0200

Subject: [PATCH 2/2] submodule-config: ban submodule urls that start with dash

 - tests

Our tests cover two cases:

  1. A file url with "./" continues to work, showing that

     there's an escape hatch for people with truly silly

     repo names.

  2. A url starting with "-" is rejected.

Note that we expect case (2) to fail, but it would have done

so even without this commit, for the reasons given above.

So instead of just expecting failure, let's also check for

the magic word "ignoring" on stderr. That lets us know that

we failed for the right reason.

[pc: backported to 1.8.3.1 by avoiding -C in tests]

submodule-config: ban submodule paths that start with a dash - test

There are two minor differences to the tests in t7416 (that

covered urls):

  1. We don't have a "./-sub" escape hatch to make this

     work, since the submodule code expects to be able to

     match canonical index names to the path field (so you

     are free to add submodule config with that path, but we

     would never actually use it, since an index entry would

     never start with "./").

  2. After this patch, cloning actually succeeds. Since we

     ignore the submodule.*.path value, we fail to find a

     config stanza for our submodule at all, and simply

     treat it as inactive. We still check for the "ignoring"

     message.

[jn:

 - the original patch expects 'git clone' to succeed in

   the test because v2.13.0-rc0~10^2~3 (clone: teach

   --recurse-submodules to optionally take a pathspec,

   2017-03-17) makes 'git clone' skip invalid submodules.

   Updated the test to pass in older Git versions where the

   submodule name check makes 'git clone' fail.]

[pc:

 - avoid -C in tests

 - reimplement git mv of a submodule, git mv gained that functionality later.]

fsck: detect submodule urls starting with dash - tests

[pc: backported to 1.8.3.1 by avoiding -C in tests ]

fsck: detect submodule paths starting with dash - test

commit 1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404 upstream.

[pc: backported to 1.8.3.1 by avoiding -C in tests ]

---

 t/t7416-submodule-dash-url.sh | 49 +++++++++++++++++++++++++++++++++++++++++++

 t/t7417-submodule-path-url.sh | 32 ++++++++++++++++++++++++++++

 2 files changed, 81 insertions(+)

 create mode 100755 t/t7416-submodule-dash-url.sh

 create mode 100755 t/t7417-submodule-path-url.sh

diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh

new file mode 100755

index 000000000..e85f2e9d2

--- /dev/null

+++ b/t/t7416-submodule-dash-url.sh

@@ -0,0 +1,49 @@

+#!/bin/sh

+

+test_description='check handling of .gitmodule url with dash'

+. ./test-lib.sh

+

+test_expect_success 'create submodule with protected dash in url' '

+	git init upstream &&

+	( cd upstream && git commit --allow-empty -m base ) &&

+	mv upstream ./-upstream &&

+	git submodule add ./-upstream sub &&

+	git add sub .gitmodules &&

+	git commit -m submodule

+'

+

+test_expect_success 'clone can recurse submodule' '

+	test_when_finished "rm -rf dst" &&

+	git clone --recurse-submodules . dst &&

+	echo base >expect &&

+	( cd dst/sub && git log -1 --format=%s ) >actual &&

+	test_cmp expect actual

+'

+

+test_expect_success 'fsck accepts protected dash' '

+	test_when_finished "rm -rf dst" &&

+	git init --bare dst &&

+	( cd dst && git config transfer.fsckObjects true ) &&

+	git push dst HEAD

+'

+

+test_expect_success 'remove ./ protection from .gitmodules url' '

+	perl -i -pe "s{\./}{}" .gitmodules &&

+	git commit -am "drop protection"

+'

+

+test_expect_success 'clone rejects unprotected dash' '

+	test_when_finished "rm -rf dst" &&

+	test_must_fail git clone --recurse-submodules . dst 2>err &&

+	test_i18ngrep "may be interpreted as a command-line option" err

+'

+

+test_expect_success 'fsck rejects unprotected dash' '

+	test_when_finished "rm -rf dst" &&

+	git init --bare dst &&

+	( cd dst && git config transfer.fsckObjects true ) &&

+	test_must_fail git push dst HEAD 2>err &&

+	test_i18ngrep "disallowed submodule url" err

+'

+

+test_done

diff --git a/t/t7417-submodule-path-url.sh b/t/t7417-submodule-path-url.sh

new file mode 100755

index 000000000..141b42a11

--- /dev/null

+++ b/t/t7417-submodule-path-url.sh

@@ -0,0 +1,32 @@

+#!/bin/sh

+

+test_description='check handling of .gitmodule path with dash'

+. ./test-lib.sh

+

+test_expect_success 'create submodule with dash in path' '

+	git init upstream &&

+	( cd upstream && git commit --allow-empty -m base ) &&

+	git submodule add ./upstream sub &&

+        mv -- sub -sub &&

+        git rm --cached sub &&

+        sed -i -e "/=.*sub$/s/sub/-sub/" .git/modules/sub/config &&

+        sed -i -e "/=.*sub$/s/sub/-sub/" .gitmodules &&

+        git add -- -sub .git/modules/sub/config .gitmodules &&

+	git commit -m submodule

+'

+

+test_expect_success 'clone rejects unprotected dash' '

+	test_when_finished "rm -rf dst" &&

+	test_might_fail git clone --recurse-submodules . dst 2>err &&

+	test_i18ngrep "may be interpreted as a command-line option" err

+'

+

+test_expect_success 'fsck rejects unprotected dash' '

+	test_when_finished "rm -rf dst" &&

+	git init --bare dst &&

+	( cd dst && git config transfer.fsckObjects true ) &&

+	test_must_fail git push dst HEAD 2>err &&

+	test_i18ngrep "disallowed submodule path" err

+'

+

+test_done

-- 

2.14.4