sapling/Makefile
Augie Fackler 6efcd59b56 hg2git: audit path components during export (CVE-2014-9390)
A user recently got confused and managed to track and export a .git
directory, which confuses git and causes it to emit very odd
errors. For example, cloning one such repository (which has a symlink
for .git) produces this output from git:

  Cloning into 'git'...
  done.
  error: Updating '.git' would lose untracked files in it

and another (which has a .git directory checked in) produces this:

  Cloning into 'git'...
  done.
  error: Invalid path '.git/hooks/post-update'

If it ended there, that'd be fine, but this led to a line of
investigation that ended with CVE-2014-9390, so now git will block
checking these revisions out, so we should try to prevent
foot-shooting on our end. Since some servers (notably GitHub) are
blocking trees that contain these entries, default to refusing to
export any path component that looks like it folds to .git. Since some
histories probably contain this already, we offer an escape hatch via
the config option git.blockdotgit that allows users to resume
foot-shooting behavior.
2014-11-23 19:06:21 -05:00
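
The path-component audit described in the commit message above, sketched as an added Python example; it is not the project's own code. The names `folds_to_dotgit`, `audit_export_path` and `DotGitPathError` are hypothetical, the `block` parameter stands in for the git.blockdotgit option, and the sample paths are constructed.

```python
# Added example: covers the case-fold, HFS+ ignorable-character and NTFS
# short-name ways a component can resolve to ".git"; nothing else is checked.

# Code points HFS+ ignores when comparing file names.
HFS_IGNORABLE = (
    {0x200C, 0x200D, 0x200E, 0x200F, 0xFEFF}
    | set(range(0x202A, 0x202F))
    | set(range(0x206A, 0x2070))
)


class DotGitPathError(ValueError):
    """A path component would be treated as .git by some filesystem."""


def folds_to_dotgit(component):
    """Return True if one path component can resolve to '.git'."""
    # HFS+: drop ignorable code points, then compare case-insensitively.
    cleaned = "".join(ch for ch in component if ord(ch) not in HFS_IGNORABLE)
    if cleaned.lower() == ".git":
        return True
    # NTFS: the 8.3 short name of '.git' is 'GIT~1'; flag any GIT*~<digits>.
    base, sep, tail = component.partition("~")
    return bool(sep) and tail.isdigit() and base.upper().startswith("GIT")


def audit_export_path(path, block=True):
    """Audit every component of a '/'-separated repository path.

    block=True refuses the path (the default behaviour described above);
    block=False returns the offending components so the caller can warn.
    """
    bad = [c for c in path.split("/") if folds_to_dotgit(c)]
    if bad and block:
        raise DotGitPathError(
            "refusing to export %r: component %r folds to .git" % (path, bad[0])
        )
    return bad


if __name__ == "__main__":
    # Constructed sample paths, not taken from any real repository.
    for p in ["src/.gitignore", "docs/.GIT/config",
              "a/.g\u200cit/hooks/x", "GIT~1/config"]:
        shown = p.encode("unicode_escape").decode()
        print(shown, "->", audit_export_path(p, block=False))
```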

32 lines
1.2 KiB
Makefile

PYTHON=python

help:
	@echo 'Commonly used make targets:'
	@echo ' tests - run all tests in the automatic test suite'
	@echo ' all-version-tests - run all tests against many hg versions'
	@echo ' tests-%s - run all tests in the specified hg version'

all: help

tests:
	cd tests && $(PYTHON) run-tests.py --with-hg=`which hg` $(TESTFLAGS)

test-%:
	python -m doctest hggit/hg2git.py
	cd tests && $(PYTHON) run-tests.py --with-hg=`which hg` $(TESTFLAGS) $@

tests-%:
	@echo "Path to crew repo is $(CREW) - set this with CREW= if needed."
	hg -R $(CREW) checkout $$(echo $@ | sed s/tests-//) && \
	(cd $(CREW) ; $(MAKE) clean ) && \
	cd tests && $(PYTHON) $(CREW)/tests/run-tests.py $(TESTFLAGS)

# This is intended to be the authoritative list of Hg versions that this
# extension is tested with. Versions prior to the version that ships in the
# latest Ubuntu LTS release (2.8.2 for 14.04 LTS) may be dropped if they
# interfere with new development. The latest released minor version should be
# listed for each major version; earlier minor versions are not needed.
all-version-tests: tests-2.8.2 tests-3.0.1 tests-3.1 tests-3.2.2 tests-@

.PHONY: tests all-version-tests