Show More
| @@ -115,6 +115,10 b' def _sanitize(ui, vfs, ignore):' | |||
|
|
115 | 115 | vfs.unlink(vfs.reljoin(dirname, f)) |
|
|
116 | 116 | |
|
|
117 | 117 | def _auditsubrepopath(repo, path): |
|
|
118 | # sanity check for potentially unsafe paths such as '~' and '$FOO' | |
|
|
119 | if path.startswith('~') or '$' in path or util.expandpath(path) != path: | |
|
|
120 | raise error.Abort(_('subrepo path contains illegal component: %s') | |
|
|
121 | % path) | |
|
|
118 | 122 | # auditor doesn't check if the path itself is a symlink |
|
|
119 | 123 | pathutil.pathauditor(repo.root)(path) |
|
|
120 | 124 | if repo.wvfs.islink(path): |
| @@ -279,8 +279,9 b' prepare tampered repo (including the cha' | |||
|
|
279 | 279 | on clone (and update) with various substitutions: |
|
|
280 | 280 | |
|
|
281 | 281 | $ hg clone -q main main2 |
|
|
282 | abort: subrepo path contains illegal component: $SUB | |
|
|
283 | [255] | |
|
|
282 | 284 | $ ls main2 |
|
|
283 | $SUB | |
|
|
284 | 285 | |
|
|
285 | 286 | $ SUB=sub1 hg clone -q main main3 |
|
|
286 | 287 | abort: subrepo path contains illegal component: $SUB |
| @@ -363,8 +364,9 b' are concatenated prior to variable expan' | |||
|
|
363 | 364 | Test tilde |
|
|
364 | 365 | ---------- |
|
|
365 | 366 | |
|
|
366 |
The leading tilde may be expanded to $HOME, but it |
|
|
|
367 |
However, we |
|
|
|
367 | The leading tilde may be expanded to $HOME, but it can be a valid subrepo | |
|
|
368 | path in theory. However, we want to prohibit it as there might be unsafe | |
|
|
369 | handling of such paths. | |
|
|
368 | 370 | |
|
|
369 | 371 | on commit: |
|
|
370 | 372 | |
| @@ -373,15 +375,32 b' on commit:' | |||
|
|
373 | 375 | $ hg init './~' |
|
|
374 | 376 |
$ |
|
|
375 | 377 | $ hg ci -qAm 'add subrepo "~"' |
|
|
376 | $ ls | |
|
|
377 | ~ | |
|
|
378 | abort: subrepo path contains illegal component: ~ | |
|
|
379 | [255] | |
|
|
380 | ||
|
|
381 | prepare tampered repo (including the commit above): | |
|
|
382 | ||
|
|
383 | $ hg import --bypass -qm 'add subrepo "~"' - <<'EOF' | |
|
|
384 | > diff --git a/.hgsub b/.hgsub | |
|
|
385 | > new file mode 100644 | |
|
|
386 | > --- /dev/null | |
|
|
387 | > +++ b/.hgsub | |
|
|
388 | > @@ -0,0 +1,1 @@ | |
|
|
389 | > +~ = ~ | |
|
|
390 | > diff --git a/.hgsubstate b/.hgsubstate | |
|
|
391 | > new file mode 100644 | |
|
|
392 | > --- /dev/null | |
|
|
393 | > +++ b/.hgsubstate | |
|
|
394 | > @@ -0,0 +1,1 @@ | |
|
|
395 | > +0000000000000000000000000000000000000000 ~ | |
|
|
396 | > EOF | |
|
|
378 | 397 | $ cd .. |
|
|
379 | 398 | |
|
|
380 | 399 | on clone (and update): |
|
|
381 | 400 | |
|
|
382 | 401 | $ hg clone -q tilde tilde2 |
|
|
383 | $ ls tilde2 | |
|
|
384 | ~ | |
|
|
402 | abort: subrepo path contains illegal component: ~ | |
|
|
403 | [255] | |
|
|
385 | 404 | |
|
|
386 | 405 | Test direct symlink traversal |
|
|
387 | 406 | ----------------------------- |
General Comments 0
You need to be logged in to leave comments.
Login now