Validate paths during DirCheckout
DirCacheCheckout and CanonicalTreeParser cooperate. CanonicalTreeParser can detect malformed, potentially malicious tree entries and sets a flag, while DirCacheCheckout refuses to work with such paths. Malicious tree entries are ".", "..", ".git" (case insensitive), any name containing '/' and (on Windows '\') and also (on Windows) any paths ending in a combination of '.' or space or containing a ':'. We also forbid all special names like "con" etc on Windows. Some of the test can execute on any platform by enabling partial platform emulation. A new runtime exception, InvalidPathException, is introduced. For backwards compatibility it extends InvalidArgumentException. Change-Id: I86199105814b63d4340e5de0e471d0da6b579ead Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This commit is contained in:
parent
9c5b31703f
commit
42d7565ba9
|
@ -92,6 +92,7 @@ public MockSystemReader() {
|
|||
init(Constants.GIT_COMMITTER_EMAIL_KEY);
|
||||
userGitConfig = new MockConfig(null, null);
|
||||
systemGitConfig = new MockConfig(null, null);
|
||||
setCurrentPlatform();
|
||||
}
|
||||
|
||||
private void init(final String n) {
|
||||
|
|
|
@ -40,6 +40,7 @@ Import-Package: org.eclipse.jgit.api;version="[2.0.0,2.1.0)",
|
|||
org.eclipse.jgit.util;version="[2.0.0,2.1.0)",
|
||||
org.eclipse.jgit.util.io;version="[2.0.0,2.1.0)",
|
||||
org.hamcrest;version="[1.1.0,2.0.0)",
|
||||
org.hamcrest.text.pattern;version="[1.1.0,2.0.0)",
|
||||
org.junit;version="[4.4.0,5.0.0)",
|
||||
org.junit.experimental.theories;version="[4.4.0,5.0.0)",
|
||||
org.junit.runner;version="[4.4.0,5.0.0)"
|
||||
|
|
|
@ -69,6 +69,13 @@
|
|||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.hamcrest</groupId>
|
||||
<artifactId>hamcrest-library</artifactId>
|
||||
<scope>test</scope>
|
||||
<version>[1.1.0,2.0.0)</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.eclipse.jgit</groupId>
|
||||
<artifactId>org.eclipse.jgit</artifactId>
|
||||
|
|
|
@ -0,0 +1,420 @@
|
|||
/*
|
||||
* Copyright (C) 2011, Robin Rosenberg <robin.rosenberg@dewire.com>
|
||||
* and other copyright owners as documented in the project's IP log.
|
||||
*
|
||||
* This program and the accompanying materials are made available under the
|
||||
* terms of the Eclipse Distribution License v1.0 which accompanies this
|
||||
* distribution, is reproduced below, and is available at
|
||||
* http://www.eclipse.org/org/documents/edl-v10.php
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* - Redistributions of source code must retain the above copyright notice, this
|
||||
* list of conditions and the following disclaimer.
|
||||
*
|
||||
* - Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
*
|
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the names of its
|
||||
* contributors may be used to endorse or promote products derived from this
|
||||
* software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
package org.eclipse.jgit.lib;
|
||||
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.eclipse.jgit.api.Git;
|
||||
import org.eclipse.jgit.api.errors.CheckoutConflictException;
|
||||
import org.eclipse.jgit.api.errors.InvalidRefNameException;
|
||||
import org.eclipse.jgit.api.errors.JGitInternalException;
|
||||
import org.eclipse.jgit.api.errors.RefAlreadyExistsException;
|
||||
import org.eclipse.jgit.api.errors.RefNotFoundException;
|
||||
import org.eclipse.jgit.dircache.InvalidPathException;
|
||||
import org.eclipse.jgit.errors.IncorrectObjectTypeException;
|
||||
import org.eclipse.jgit.errors.MissingObjectException;
|
||||
import org.eclipse.jgit.junit.MockSystemReader;
|
||||
import org.eclipse.jgit.revwalk.RevWalk;
|
||||
import org.eclipse.jgit.util.SystemReader;
|
||||
import org.junit.Test;
|
||||
|
||||
public class DirCacheCheckoutMaliciousPathTest extends RepositoryTestCase {
|
||||
protected ObjectId theHead;
|
||||
protected ObjectId theMerge;
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePathIsOk() throws Exception {
|
||||
testMaliciousPathGoodFirstCheckout("ok");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePathIsOkSecondCheckout() throws Exception {
|
||||
testMaliciousPathGoodSecondCheckout("ok");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePathIsOkTwoLevels() throws Exception {
|
||||
testMaliciousPathGoodSecondCheckout("a", "ok");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePath() throws Exception {
|
||||
testMaliciousPathBadFirstCheckout("/tmp/x");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePathSecondCheckout() throws Exception {
|
||||
testMaliciousPathBadSecondCheckout("/tmp/x");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePathTwoLevelsFirstBad() throws Exception {
|
||||
testMaliciousPathBadFirstCheckout("/tmp/x", "y");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsolutePathTwoLevelsSecondBad() throws Exception {
|
||||
testMaliciousPathBadFirstCheckout("y", "/tmp/x");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteCurDrivePathWindows() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("\\somepath");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteCurDrivePathWindowsOnUnix()
|
||||
throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathGoodFirstCheckout("\\somepath");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteUNCPathWindows1() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("\\\\somepath");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteUNCPathWindows1OnUnix() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathGoodFirstCheckout("\\\\somepath");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteUNCPathWindows2() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("\\/somepath");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteUNCPathWindows2OnUnix() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathBadFirstCheckout("\\/somepath");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteWindowsPath1() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("c:\\temp\\x");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteWindowsPath1OnUnix() throws Exception {
|
||||
if (File.separatorChar == '\\')
|
||||
return; // cannot emulate Unix on Windows for this test
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathGoodFirstCheckout("c:\\temp\\x");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousAbsoluteWindowsPath2() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setCurrentPlatform();
|
||||
testMaliciousPathBadFirstCheckout("c:/temp/x");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPath1() throws Exception {
|
||||
testMaliciousPathBadFirstCheckout(".git/konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPath2() throws Exception {
|
||||
testMaliciousPathBadFirstCheckout(".git", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPath1Case() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows(); // or OS X
|
||||
testMaliciousPathBadFirstCheckout(".Git/konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPath2Case() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows(); // or OS X
|
||||
testMaliciousPathBadFirstCheckout(".gIt", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPath3Case() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows(); // or OS X
|
||||
testMaliciousPathBadFirstCheckout(".giT", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPathEndSpaceWindows() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout(".git ", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPathEndSpaceUnixOk() throws Exception {
|
||||
if (File.separatorChar == '\\')
|
||||
return; // cannot emulate Unix on Windows for this test
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathGoodFirstCheckout(".git ", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPathEndDotWindows1() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout(".git.", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPathEndDotWindows2() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout(".f.");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPathEndDotWindows3() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathGoodFirstCheckout(".f");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousGitPathEndDotUnixOk() throws Exception {
|
||||
if (File.separatorChar == '\\')
|
||||
return; // cannot emulate Unix on Windows for this test
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathGoodFirstCheckout(".git.", "konfig");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousPathDotDot() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setCurrentPlatform();
|
||||
testMaliciousPathBadFirstCheckout("..", "no");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousPathDot() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setCurrentPlatform();
|
||||
testMaliciousPathBadFirstCheckout(".", "no");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousPathEmpty() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setCurrentPlatform();
|
||||
testMaliciousPathBadFirstCheckout("", "no");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousWindowsADS() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("some:path");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMaliciousWindowsADSOnUnix() throws Exception {
|
||||
if (File.separatorChar == '\\')
|
||||
return; // cannot emulate Unix on Windows for this test
|
||||
((MockSystemReader) SystemReader.getInstance()).setUnix();
|
||||
testMaliciousPathGoodFirstCheckout("some:path");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgCon() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("con");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgConDotSuffix() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("con.txt");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgLpt1() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("lpt1");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgLpt1DotSuffix() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathBadFirstCheckout("lpt1.txt");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgDotCon() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathGoodFirstCheckout(".con");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgLpr() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathGoodFirstCheckout("lpt"); // good name
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenNamesOnWindowsEgCon1() throws Exception {
|
||||
((MockSystemReader) SystemReader.getInstance()).setWindows();
|
||||
testMaliciousPathGoodFirstCheckout("con1"); // good name
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenWindowsNamesOnUnixEgCon() throws Exception {
|
||||
if (File.separatorChar == '\\')
|
||||
return; // cannot emulate Unix on Windows for this test
|
||||
testMaliciousPathGoodFirstCheckout("con");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenWindowsNamesOnUnixEgLpt1() throws Exception {
|
||||
if (File.separatorChar == '\\')
|
||||
return; // cannot emulate Unix on Windows for this test
|
||||
testMaliciousPathGoodFirstCheckout("lpt1");
|
||||
}
|
||||
|
||||
private void testMaliciousPathBadFirstCheckout(String... paths)
|
||||
throws Exception {
|
||||
testMaliciousPath(false, false, paths);
|
||||
}
|
||||
|
||||
private void testMaliciousPathBadSecondCheckout(String... paths) throws Exception {
|
||||
testMaliciousPath(false, true, paths);
|
||||
}
|
||||
|
||||
private void testMaliciousPathGoodFirstCheckout(String... paths)
|
||||
throws Exception {
|
||||
testMaliciousPath(true, false, paths);
|
||||
}
|
||||
|
||||
private void testMaliciousPathGoodSecondCheckout(String... paths) throws Exception {
|
||||
testMaliciousPath(true, true, paths);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a bad tree and tries to check it out
|
||||
*
|
||||
* @param good
|
||||
* true if we expect this to pass
|
||||
* @param secondCheckout
|
||||
* perform the actual test on the second checkout
|
||||
* @param path
|
||||
* to the blob, one or more levels
|
||||
* @throws IOException
|
||||
* @throws RefAlreadyExistsException
|
||||
* @throws RefNotFoundException
|
||||
* @throws InvalidRefNameException
|
||||
* @throws MissingObjectException
|
||||
* @throws IncorrectObjectTypeException
|
||||
* @throws CheckoutConflictException
|
||||
* @throws JGitInternalException
|
||||
*/
|
||||
private void testMaliciousPath(boolean good, boolean secondCheckout, String... path)
|
||||
throws IOException, RefAlreadyExistsException,
|
||||
RefNotFoundException, InvalidRefNameException,
|
||||
MissingObjectException, IncorrectObjectTypeException,
|
||||
JGitInternalException, CheckoutConflictException {
|
||||
Git git = new Git(db);
|
||||
ObjectInserter newObjectInserter;
|
||||
newObjectInserter = git.getRepository().newObjectInserter();
|
||||
ObjectId blobId = newObjectInserter.insert(Constants.OBJ_BLOB,
|
||||
"data".getBytes());
|
||||
newObjectInserter = git.getRepository().newObjectInserter();
|
||||
FileMode mode = FileMode.REGULAR_FILE;
|
||||
ObjectId insertId = blobId;
|
||||
for (int i = path.length - 1; i >= 0; --i) {
|
||||
TreeFormatter treeFormatter = new TreeFormatter();
|
||||
treeFormatter.append("goodpath", mode, insertId);
|
||||
insertId = newObjectInserter.insert(treeFormatter);
|
||||
mode = FileMode.TREE;
|
||||
}
|
||||
newObjectInserter = git.getRepository().newObjectInserter();
|
||||
CommitBuilder commitBuilder = new CommitBuilder();
|
||||
commitBuilder.setAuthor(author);
|
||||
commitBuilder.setCommitter(committer);
|
||||
commitBuilder.setMessage("foo#1");
|
||||
commitBuilder.setTreeId(insertId);
|
||||
ObjectId firstCommitId = newObjectInserter.insert(commitBuilder);
|
||||
|
||||
newObjectInserter = git.getRepository().newObjectInserter();
|
||||
mode = FileMode.REGULAR_FILE;
|
||||
insertId = blobId;
|
||||
for (int i = path.length - 1; i >= 0; --i) {
|
||||
TreeFormatter treeFormatter = new TreeFormatter();
|
||||
treeFormatter.append(path[i], mode, insertId);
|
||||
insertId = newObjectInserter.insert(treeFormatter);
|
||||
mode = FileMode.TREE;
|
||||
}
|
||||
|
||||
// Create another commit
|
||||
commitBuilder = new CommitBuilder();
|
||||
commitBuilder.setAuthor(author);
|
||||
commitBuilder.setCommitter(committer);
|
||||
commitBuilder.setMessage("foo#2");
|
||||
commitBuilder.setTreeId(insertId);
|
||||
commitBuilder.setParentId(firstCommitId);
|
||||
ObjectId commitId = newObjectInserter.insert(commitBuilder);
|
||||
|
||||
RevWalk revWalk = new RevWalk(git.getRepository());
|
||||
if (!secondCheckout)
|
||||
git.checkout().setStartPoint(revWalk.parseCommit(firstCommitId))
|
||||
.setName("refs/heads/master").setCreateBranch(true).call();
|
||||
try {
|
||||
if (secondCheckout) {
|
||||
git.checkout().setStartPoint(revWalk.parseCommit(commitId))
|
||||
.setName("refs/heads/master").setCreateBranch(true)
|
||||
.call();
|
||||
} else {
|
||||
git.branchCreate().setName("refs/heads/next")
|
||||
.setStartPoint(commitId.name()).call();
|
||||
git.checkout().setName("refs/heads/next")
|
||||
.call();
|
||||
}
|
||||
if (!good)
|
||||
fail("Checkout of Tree " + Arrays.asList(path) + " should fail");
|
||||
} catch (InvalidPathException e) {
|
||||
if (good)
|
||||
throw e;
|
||||
assertThat(e.getMessage(), startsWith("Invalid path: "));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -58,12 +58,13 @@
|
|||
import org.eclipse.jgit.errors.IndexWriteException;
|
||||
import org.eclipse.jgit.errors.MissingObjectException;
|
||||
import org.eclipse.jgit.internal.JGitText;
|
||||
import org.eclipse.jgit.lib.Constants;
|
||||
import org.eclipse.jgit.lib.CoreConfig.AutoCRLF;
|
||||
import org.eclipse.jgit.lib.FileMode;
|
||||
import org.eclipse.jgit.lib.ObjectId;
|
||||
import org.eclipse.jgit.lib.ObjectLoader;
|
||||
import org.eclipse.jgit.lib.ObjectReader;
|
||||
import org.eclipse.jgit.lib.Repository;
|
||||
import org.eclipse.jgit.lib.CoreConfig.AutoCRLF;
|
||||
import org.eclipse.jgit.treewalk.AbstractTreeIterator;
|
||||
import org.eclipse.jgit.treewalk.CanonicalTreeParser;
|
||||
import org.eclipse.jgit.treewalk.EmptyTreeIterator;
|
||||
|
@ -75,6 +76,7 @@
|
|||
import org.eclipse.jgit.treewalk.filter.PathFilter;
|
||||
import org.eclipse.jgit.util.FS;
|
||||
import org.eclipse.jgit.util.FileUtils;
|
||||
import org.eclipse.jgit.util.SystemReader;
|
||||
import org.eclipse.jgit.util.io.AutoCRLFOutputStream;
|
||||
|
||||
/**
|
||||
|
@ -304,6 +306,8 @@ public void prescanOneTree()
|
|||
void processEntry(CanonicalTreeParser m, DirCacheBuildIterator i,
|
||||
WorkingTreeIterator f) throws IOException {
|
||||
if (m != null) {
|
||||
if (!isValidPath(m))
|
||||
throw new InvalidPathException(m.getEntryPathString());
|
||||
// There is an entry in the merge commit. Means: we want to update
|
||||
// what's currently in the index and working-tree to that one
|
||||
if (i == null) {
|
||||
|
@ -506,12 +510,15 @@ private boolean equalIdAndMode(ObjectId id1, FileMode mode1, ObjectId id2,
|
|||
* @throws IOException
|
||||
*/
|
||||
|
||||
void processEntry(AbstractTreeIterator h, AbstractTreeIterator m,
|
||||
void processEntry(CanonicalTreeParser h, CanonicalTreeParser m,
|
||||
DirCacheBuildIterator i, WorkingTreeIterator f) throws IOException {
|
||||
DirCacheEntry dce = i != null ? i.getDirCacheEntry() : null;
|
||||
|
||||
String name = walk.getPathString();
|
||||
|
||||
if (m != null && !isValidPath(m))
|
||||
throw new InvalidPathException(m.getEntryPathString());
|
||||
|
||||
if (i == null && m == null && h == null) {
|
||||
// File/Directory conflict case #20
|
||||
if (walk.isDirectoryFileConflict())
|
||||
|
@ -988,4 +995,103 @@ public static void checkoutEntry(final Repository repo, File f,
|
|||
else
|
||||
entry.setLength((int) ol.getSize());
|
||||
}
|
||||
|
||||
private static byte[][] forbidden;
|
||||
static {
|
||||
String[] list = new String[] { "AUX", "COM1", "COM2", "COM3", "COM4",
|
||||
"COM5", "COM6", "COM7", "COM8", "COM9", "CON", "LPT1", "LPT2",
|
||||
"LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9", "NUL",
|
||||
"PRN" };
|
||||
forbidden = new byte[list.length][];
|
||||
for (int i = 0; i < list.length; ++i)
|
||||
forbidden[i] = Constants.encodeASCII(list[i]);
|
||||
}
|
||||
|
||||
private static boolean isValidPath(CanonicalTreeParser t) {
|
||||
for (CanonicalTreeParser i = t; i != null; i = i.getParent())
|
||||
if (!isValidPathSegment(i))
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
private static boolean isValidPathSegment(CanonicalTreeParser t) {
|
||||
boolean isWindows = "Windows".equals(SystemReader.getInstance()
|
||||
.getProperty("os.name"));
|
||||
boolean isOSX = "Mac OS X".equals(SystemReader.getInstance()
|
||||
.getProperty("os.name"));
|
||||
boolean ignCase = isOSX || isWindows;
|
||||
|
||||
int ptr = t.getNameOffset();
|
||||
byte[] raw = t.getEntryPathBuffer();
|
||||
int end = ptr + t.getNameLength();
|
||||
|
||||
// Validate path component at this level of the tree
|
||||
int start = ptr;
|
||||
while (ptr < end) {
|
||||
if (raw[ptr] == '/')
|
||||
return false;
|
||||
if (isWindows) {
|
||||
if (raw[ptr] == '\\')
|
||||
return false;
|
||||
if (raw[ptr] == ':')
|
||||
return false;
|
||||
}
|
||||
ptr++;
|
||||
}
|
||||
// '.' and '.'' are invalid here
|
||||
if (ptr - start == 1) {
|
||||
if (raw[start] == '.')
|
||||
return false;
|
||||
} else if (ptr - start == 2) {
|
||||
if (raw[start] == '.')
|
||||
if (raw[start + 1] == '.')
|
||||
return false;
|
||||
} else if (ptr - start == 4) {
|
||||
// .git (possibly case insensitive) is disallowed
|
||||
if (raw[start] == '.')
|
||||
if (raw[start + 1] == 'g' || (ignCase && raw[start + 1] == 'G'))
|
||||
if (raw[start + 2] == 'i'
|
||||
|| (ignCase && raw[start + 2] == 'I'))
|
||||
if (raw[start + 3] == 't'
|
||||
|| (ignCase && raw[start + 3] == 'T'))
|
||||
return false;
|
||||
}
|
||||
if (isWindows) {
|
||||
// Space or period at end of file name is ignored by Windows.
|
||||
// Treat this as a bad path for now. We may want to handle
|
||||
// this as case insensitivity in the future.
|
||||
if (raw[ptr - 1] == '.' || raw[ptr - 1] == ' ')
|
||||
return false;
|
||||
int i;
|
||||
// Bad names, eliminate suffix first
|
||||
for (i = start; i < ptr; ++i)
|
||||
if (raw[i] == '.')
|
||||
break;
|
||||
int len = i - start;
|
||||
if (len == 3 || len == 4) {
|
||||
for (int j = 0; j < forbidden.length; ++j) {
|
||||
if (forbidden[j].length == len) {
|
||||
if (toUpper(raw[start]) < forbidden[j][0])
|
||||
break;
|
||||
int k;
|
||||
for (k = 0; k < len; ++k) {
|
||||
if (toUpper(raw[start + k]) != forbidden[j][k])
|
||||
break;
|
||||
}
|
||||
if (k == len)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private static byte toUpper(byte b) {
|
||||
if (b >= 'a' && b <= 'z')
|
||||
return (byte) (b - ('a' - 'A'));
|
||||
return b;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -64,6 +64,7 @@
|
|||
import org.eclipse.jgit.util.IO;
|
||||
import org.eclipse.jgit.util.MutableInteger;
|
||||
import org.eclipse.jgit.util.NB;
|
||||
import org.eclipse.jgit.util.SystemReader;
|
||||
|
||||
/**
|
||||
* A single file (or stage of a file) in a {@link DirCache}.
|
||||
|
@ -261,8 +262,7 @@ public DirCacheEntry(final byte[] newPath) {
|
|||
@SuppressWarnings("boxing")
|
||||
public DirCacheEntry(final byte[] newPath, final int stage) {
|
||||
if (!isValidPath(newPath))
|
||||
throw new IllegalArgumentException(MessageFormat.format(JGitText.get().invalidPath
|
||||
, toString(newPath)));
|
||||
throw new InvalidPathException(toString(newPath));
|
||||
if (stage < 0 || 3 < stage)
|
||||
throw new IllegalArgumentException(MessageFormat.format(JGitText.get().invalidStageForPath
|
||||
, stage, toString(newPath)));
|
||||
|
@ -716,7 +716,14 @@ static boolean isValidPath(final byte[] path) {
|
|||
else
|
||||
return false;
|
||||
break;
|
||||
|
||||
case '\\':
|
||||
case ':':
|
||||
// Tree's never have a backslash in them, not even on Windows
|
||||
// but even there we regard it as an invalid path
|
||||
if ("Windows".equals(SystemReader.getInstance().getProperty(
|
||||
"os.name")))
|
||||
return false;
|
||||
//$FALL-THROUGH$
|
||||
default:
|
||||
componentHasChars = true;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
/*
|
||||
* Copyright (C) 2011, Robin Rosenberg
|
||||
* and other copyright owners as documented in the project's IP log.
|
||||
*
|
||||
* This program and the accompanying materials are made available
|
||||
* under the terms of the Eclipse Distribution License v1.0 which
|
||||
* accompanies this distribution, is reproduced below, and is
|
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or
|
||||
* without modification, are permitted provided that the following
|
||||
* conditions are met:
|
||||
*
|
||||
* - Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* - Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the
|
||||
* names of its contributors may be used to endorse or promote
|
||||
* products derived from this software without specific prior
|
||||
* written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
package org.eclipse.jgit.dircache;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import org.eclipse.jgit.internal.JGitText;
|
||||
|
||||
/**
|
||||
* Thrown when JGit detects and refuses to use an invalid path
|
||||
*/
|
||||
public class InvalidPathException extends IllegalArgumentException {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* @param path
|
||||
*/
|
||||
public InvalidPathException(String path) {
|
||||
super(MessageFormat.format(JGitText.get().invalidPath, path));
|
||||
}
|
||||
}
|
|
@ -49,6 +49,7 @@
|
|||
import java.nio.ByteBuffer;
|
||||
import java.nio.CharBuffer;
|
||||
|
||||
import org.eclipse.jgit.dircache.DirCacheCheckout;
|
||||
import org.eclipse.jgit.errors.CorruptObjectException;
|
||||
import org.eclipse.jgit.errors.IncorrectObjectTypeException;
|
||||
import org.eclipse.jgit.lib.Constants;
|
||||
|
@ -647,10 +648,23 @@ public int getNameLength() {
|
|||
}
|
||||
|
||||
/**
|
||||
* Get the name component of the current entry path into the provided buffer.
|
||||
* JGit internal API for use by {@link DirCacheCheckout}
|
||||
*
|
||||
* @param buffer the buffer to get the name into, it is assumed that buffer can hold the name
|
||||
* @param offset the offset of the name in the buffer
|
||||
* @return start of name component part within {@link #getEntryPathBuffer()}
|
||||
*/
|
||||
public int getNameOffset() {
|
||||
return pathOffset;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name component of the current entry path into the provided
|
||||
* buffer.
|
||||
*
|
||||
* @param buffer
|
||||
* the buffer to get the name into, it is assumed that buffer can
|
||||
* hold the name
|
||||
* @param offset
|
||||
* the offset of the name in the buffer
|
||||
* @see #getNameLength()
|
||||
*/
|
||||
public void getName(byte[] buffer, int offset) {
|
||||
|
|
|
@ -108,6 +108,14 @@ private CanonicalTreeParser(final CanonicalTreeParser p) {
|
|||
super(p);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the parent of this tree parser
|
||||
* @internal
|
||||
*/
|
||||
public CanonicalTreeParser getParent() {
|
||||
return (CanonicalTreeParser) parent;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset this parser to walk through the given tree data.
|
||||
*
|
||||
|
|
Loading…
Reference in New Issue