#!/bin/sh
# Regression tests for path handling in git-apply: each case feeds it a patch
# whose target path contains ".." or passes through a symbolic link, then
# checks whether anything outside the working tree was created or deleted.
test_description='paths written by git-apply cannot escape the working tree'
. ./test-lib.sh
# Every case below aims at ../foo. Moving the repository into inside/ and
# working from there means a failing case leaves its stray file in the trash
# directory instead of outside it.
test_expect_success 'bump git repo one level down' '
	mkdir inside &&
	mv .git inside/ &&
	cd inside
'
# Print on stdout a patch that creates a regular file (mode 100644) whose
# single line is "evil".
# $1 = path written into the patch headers
# $2 = where that path currently resolves on disk, when it differs from $1
# Whichever of the two applies is removed first, so that the "missing"
# assertions in the callers start from a known state.
mkpatch_add () {
	rm -f "${2:-$1}" &&
	printf "%s\n" \
		"diff --git a/$1 b/$1" \
		"new file mode 100644" \
		"index 0000000..53c74cd" \
		"--- /dev/null" \
		"+++ b/$1" \
		"@@ -0,0 +1 @@" \
		"+evil"
}
# Print on stdout a patch that deletes a one-line file containing "evil".
# $1 = path written into the patch headers
# $2 = where that path currently resolves on disk, when it differs from $1
# The file is (re)written first so that the patch has something to delete.
mkpatch_del () {
	echo evil >"${2:-$1}" &&
	printf "%s\n" \
		"diff --git a/$1 b/$1" \
		"deleted file mode 100644" \
		"index 53c74cd..0000000" \
		"--- a/$1" \
		"+++ /dev/null" \
		"@@ -1 +0,0 @@" \
		"-evil"
}
# Print on stdout a patch that creates a symbolic link (mode 120000).
# $1 = path of the link
# $2 = link target; it is hashed and emitted without a trailing newline
# Any existing entry at $1 is removed first.
mkpatch_symlink () {
	rm -f "$1" &&
	printf "%s\n" \
		"diff --git a/$1 b/$1" \
		"new file mode 120000" \
		"index 0000000..$(printf "%s" "$2" | git hash-object --stdin)" \
		"--- /dev/null" \
		"+++ b/$1" \
		"@@ -0,0 +1 @@" \
		"+$2" \
		'\ No newline at end of file'
}
# Default behaviour: a patch whose path contains ".." has to be refused, and
# nothing may appear above the working tree.
test_expect_success 'cannot create file containing ..' '
	mkpatch_add ../foo >patch &&
	test_must_fail git apply patch &&
	test_path_is_missing ../foo
'
# --unsafe-paths is the explicit opt-out: the same patch is applied and
# ../foo is created. This pins down exactly what the option permits.
test_expect_success 'can create file containing .. with --unsafe-paths' '
	mkpatch_add ../foo >patch &&
	git apply --unsafe-paths patch &&
	test_path_is_file ../foo
'
# Same refusal when the patch is applied to the index as well as the
# working tree.
test_expect_success 'cannot create file containing .. (index)' '
	mkpatch_add ../foo >patch &&
	test_must_fail git apply --index patch &&
	test_path_is_missing ../foo
'
# --unsafe-paths does not lift the check once --index is involved: the apply
# is expected to fail and ../foo to stay absent.
test_expect_success 'cannot create file containing .. with --unsafe-paths (index)' '
	mkpatch_add ../foo >patch &&
	test_must_fail git apply --index --unsafe-paths patch &&
	test_path_is_missing ../foo
'
# Deletion is covered by the same rule as creation: the patch is refused and
# the file above the working tree must still be there afterwards.
test_expect_success 'cannot delete file containing ..' '
	mkpatch_del ../foo >patch &&
	test_must_fail git apply patch &&
	test_path_is_file ../foo
'
# With the opt-out, the delete patch goes through and ../foo is gone.
test_expect_success 'can delete file containing .. with --unsafe-paths' '
	mkpatch_del ../foo >patch &&
	git apply --unsafe-paths patch &&
	test_path_is_missing ../foo
'
# Index variant of the delete refusal; ../foo has to survive.
test_expect_success 'cannot delete file containing .. (index)' '
	mkpatch_del ../foo >patch &&
	test_must_fail git apply --index patch &&
	test_path_is_file ../foo
'
# Two-step escape inside one patch: first create the link tmp -> "..", then
# add tmp/foo, which would resolve to ../foo. No path in the second entry
# contains "..", so the check has to account for the link created by the
# first. The patch must fail as a whole, leaving neither the link nor the
# file behind. Runs only where the SYMLINKS prerequisite is met.
test_expect_success SYMLINKS 'symlink escape via ..' '
	{
		mkpatch_symlink tmp .. &&
		mkpatch_add tmp/foo ../foo
	} >patch &&
	test_must_fail git apply patch &&
	test_path_is_missing tmp &&
	test_path_is_missing ../foo
'
# Index variant of the two-step escape: a link tmp -> ".." followed by an
# add of tmp/foo. Neither the link nor ../foo may exist after the refused
# apply.
test_expect_success SYMLINKS 'symlink escape via .. (index)' '
	{
		mkpatch_symlink tmp .. &&
		mkpatch_add tmp/foo ../foo
	} >patch &&
	test_must_fail git apply --index patch &&
	test_path_is_missing tmp &&
	test_path_is_missing ../foo
'
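# Same two-step patch, but the link target is an absolute path. The target
# used is "$(pwd)", so a write through the link would land at ./foo, not at
# ../foo. ./foo is therefore cleared up front and asserted missing as well;
# the ../foo assertion is kept from the original.
test_expect_success SYMLINKS 'symlink escape via absolute path' '
	rm -f foo &&
	{
		mkpatch_symlink tmp "$(pwd)" &&
		mkpatch_add tmp/foo ../foo
	} >patch &&
	test_must_fail git apply patch &&
	test_path_is_missing tmp &&
	test_path_is_missing foo &&
	test_path_is_missing ../foo
'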
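# Index variant of the absolute-target case. The link points at "$(pwd)",
# so a write through it would land at ./foo; that path is cleared up front
# and asserted missing alongside the original ../foo assertion.
test_expect_success SYMLINKS 'symlink escape via absolute path (index)' '
	rm -f foo &&
	{
		mkpatch_symlink tmp "$(pwd)" &&
		mkpatch_add tmp/foo ../foo
	} >patch &&
	test_must_fail git apply --index patch &&
	test_path_is_missing tmp &&
	test_path_is_missing foo &&
	test_path_is_missing ../foo
'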
# End of the script; test_done is not defined in this file and presumably
# comes from test-lib.sh.
test_done