From 808c4495ca941038c087cf6e348b22641db92a5f Mon Sep 17 00:00:00 2001
From: Thomas Wolf <thomas.wolf@paranor.ch>
Date: Tue, 9 Mar 2021 22:23:14 +0100
Subject: [PATCH] HTTP cookies: do tilde expansion on http.cookieFile

Git config http.cookieFile must have ~ expansion, compare [1].

It also should be an absolute path. While a relative path is allowed,
C git just passes the value on to libcurl, so it'll be relative to the
current working directory and thus not work in all directories.

Log a warning if the path is relative.

(Alternatives would be to throw an exception, or to resolve the path
relative to the .git directory, or relative to the working tree root,
or relative to the config file it occurs in. But C git does not seem
to do either.)

[1] https://github.com/git/git/commit/e5a39ad8e

Bug: 571798
Change-Id: I5cdab6061d0613ac7d8cb7977e5b97f5b88f562d
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
---
 .../eclipse/jgit/internal/JGitText.properties |  1 +
 .../org/eclipse/jgit/internal/JGitText.java   |  1 +
 .../eclipse/jgit/transport/TransportHttp.java | 27 +++++++++++++------
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 9695e5742..33087d762 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -139,6 +139,7 @@ configHandleMayBeLocked=config file handle may be locked by other process, {0}.
 connectionFailed=connection failed
 connectionTimeOut=Connection time out: {0}
 contextMustBeNonNegative=context must be >= 0
+cookieFilePathRelative=git config http.cookieFile contains a relative path, should be absolute: {0}
 corruptionDetectedReReadingAt=Corruption detected re-reading at {0}
 corruptObjectBadDate=bad date
 corruptObjectBadEmail=bad email
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index 95265feb4..3eef49b1c 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -167,6 +167,7 @@ public static JGitText get() {
 	/***/ public String connectionFailed;
 	/***/ public String connectionTimeOut;
 	/***/ public String contextMustBeNonNegative;
+	/***/ public String cookieFilePathRelative;
 	/***/ public String corruptionDetectedReReadingAt;
 	/***/ public String corruptObjectBadDate;
 	/***/ public String corruptObjectBadEmail;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
index 2e5d18dc1..0710d3fdf 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
@@ -35,6 +35,7 @@
 
 import java.io.BufferedInputStream;
 import java.io.BufferedReader;
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
@@ -53,8 +54,6 @@
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.InvalidPathException;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.security.GeneralSecurityException;
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertPathValidatorException;
@@ -101,6 +100,7 @@
 import org.eclipse.jgit.transport.http.HttpConnection;
 import org.eclipse.jgit.transport.http.HttpConnectionFactory;
 import org.eclipse.jgit.transport.http.HttpConnectionFactory2;
+import org.eclipse.jgit.util.FS;
 import org.eclipse.jgit.util.HttpSupport;
 import org.eclipse.jgit.util.IO;
 import org.eclipse.jgit.util.RawParseUtils;
@@ -1157,17 +1157,28 @@ IOException wrongContentType(String expType, String actType) {
 		return new TransportException(uri, why);
 	}
 
-	private static NetscapeCookieFile getCookieFileFromConfig(
+	private NetscapeCookieFile getCookieFileFromConfig(
 			HttpConfig config) {
-		if (!StringUtils.isEmptyOrNull(config.getCookieFile())) {
+		String path = config.getCookieFile();
+		if (!StringUtils.isEmptyOrNull(path)) {
 			try {
-				Path cookieFilePath = Paths.get(config.getCookieFile());
+				FS fs = local != null ? local.getFS() : FS.DETECTED;
+				File f;
+				if (path.startsWith("~/")) { //$NON-NLS-1$
+					f = fs.resolve(fs.userHome(), path.substring(2));
+				} else {
+					f = new File(path);
+					if (!f.isAbsolute()) {
+						f = fs.resolve(null, path);
+						LOG.warn(MessageFormat.format(
+								JGitText.get().cookieFilePathRelative, f));
+					}
+				}
 				return NetscapeCookieFileCache.getInstance(config)
-						.getEntry(cookieFilePath);
+						.getEntry(f.toPath());
 			} catch (InvalidPathException e) {
 				LOG.warn(MessageFormat.format(
-						JGitText.get().couldNotReadCookieFile,
-						config.getCookieFile()), e);
+						JGitText.get().couldNotReadCookieFile, path), e);
 			}
 		}
 		return null;