Show More
| @@ -115,6 +115,10 b' def _sanitize(ui, vfs, ignore):' | |||||
| 115 | vfs.unlink(vfs.reljoin(dirname, f)) |
|
115 | vfs.unlink(vfs.reljoin(dirname, f)) | |
| 116 |
|
116 | |||
| 117 | def _auditsubrepopath(repo, path): |
|
117 | def _auditsubrepopath(repo, path): | |
|
|
118 | # sanity check for potentially unsafe paths such as '~' and '$FOO' | |||
|
|
119 | if path.startswith('~') or '$' in path or util.expandpath(path) != path: | |||
|
|
120 | raise error.Abort(_('subrepo path contains illegal component: %s') | |||
|
|
121 | % path) | |||
| 118 | # auditor doesn't check if the path itself is a symlink |
|
122 | # auditor doesn't check if the path itself is a symlink | |
| 119 | pathutil.pathauditor(repo.root)(path) |
|
123 | pathutil.pathauditor(repo.root)(path) | |
| 120 | if repo.wvfs.islink(path): |
|
124 | if repo.wvfs.islink(path): | |
| @@ -279,8 +279,9 b' prepare tampered repo (including the cha' | |||||
| 279 | on clone (and update) with various substitutions: |
|
279 | on clone (and update) with various substitutions: | |
| 280 |
|
280 | |||
| 281 | $ hg clone -q main main2 |
|
281 | $ hg clone -q main main2 | |
|
|
282 | abort: subrepo path contains illegal component: $SUB | |||
|
|
283 | [255] | |||
| 282 | $ ls main2 |
|
284 | $ ls main2 | |
| 283 | $SUB |
|
|||
| 284 |
|
285 | |||
| 285 | $ SUB=sub1 hg clone -q main main3 |
|
286 | $ SUB=sub1 hg clone -q main main3 | |
| 286 | abort: subrepo path contains illegal component: $SUB |
|
287 | abort: subrepo path contains illegal component: $SUB | |
| @@ -363,8 +364,9 b' are concatenated prior to variable expan' | |||||
| 363 | Test tilde |
|
364 | Test tilde | |
| 364 | ---------- |
|
365 | ---------- | |
| 365 |
|
366 | |||
| 366 |
The leading tilde may be expanded to $HOME, but it |
|
367 | The leading tilde may be expanded to $HOME, but it can be a valid subrepo | |
| 367 |
However, we |
|
368 | path in theory. However, we want to prohibit it as there might be unsafe | |
|
|
369 | handling of such paths. | |||
| 368 |
|
370 | |||
| 369 | on commit: |
|
371 | on commit: | |
| 370 |
|
372 | |||
| @@ -373,15 +375,32 b' on commit:' | |||||
| 373 | $ hg init './~' |
|
375 | $ hg init './~' | |
| 374 |
$ |
|
376 | $ echo '~ = ~' >> .hgsub | |
| 375 | $ hg ci -qAm 'add subrepo "~"' |
|
377 | $ hg ci -qAm 'add subrepo "~"' | |
| 376 | $ ls |
|
378 | abort: subrepo path contains illegal component: ~ | |
| 377 | ~ |
|
379 | [255] | |
|
|
380 | ||||
|
|
381 | prepare tampered repo (including the commit above): | |||
|
|
382 | ||||
|
|
383 | $ hg import --bypass -qm 'add subrepo "~"' - <<'EOF' | |||
|
|
384 | > diff --git a/.hgsub b/.hgsub | |||
|
|
385 | > new file mode 100644 | |||
|
|
386 | > --- /dev/null | |||
|
|
387 | > +++ b/.hgsub | |||
|
|
388 | > @@ -0,0 +1,1 @@ | |||
|
|
389 | > +~ = ~ | |||
|
|
390 | > diff --git a/.hgsubstate b/.hgsubstate | |||
|
|
391 | > new file mode 100644 | |||
|
|
392 | > --- /dev/null | |||
|
|
393 | > +++ b/.hgsubstate | |||
|
|
394 | > @@ -0,0 +1,1 @@ | |||
|
|
395 | > +0000000000000000000000000000000000000000 ~ | |||
|
|
396 | > EOF | |||
| 378 | $ cd .. |
|
397 | $ cd .. | |
| 379 |
|
398 | |||
| 380 | on clone (and update): |
|
399 | on clone (and update): | |
| 381 |
|
400 | |||
| 382 | $ hg clone -q tilde tilde2 |
|
401 | $ hg clone -q tilde tilde2 | |
| 383 | $ ls tilde2 |
|
402 | abort: subrepo path contains illegal component: ~ | |
| 384 | ~ |
|
403 | [255] | |
| 385 |
|
404 | |||
| 386 | Test direct symlink traversal |
|
405 | Test direct symlink traversal | |
| 387 | ----------------------------- |
|
406 | ----------------------------- | |
General Comments 0
You need to be logged in to leave comments.
Login now