facebook/sapling
1
1
Fork 0
mirror of https://github.com/facebook/sapling.git synced 2024-10-09 16:31:02 +03:00
Code Issues Projects Releases Wiki Activity
d30699113e
sapling/tests/test-illegal-contents.t
Augie Fackler 6efcd59b56 hg2git: audit path components during export (CVE-2014-9390) 
A user recently got confused and managed to track and export a .git
directory, which confuses git and causes it to emit very odd
errors. For example, cloning one such repository (which has a symlink
for .git) produces this output from git:

  Cloning into 'git'...
  done.
  error: Updating '.git' would lose untracked files in it

and another (which has a .git directory checked in) produces this:

  Cloning into 'git'...
  done.
  error: Invalid path '.git/hooks/post-update'

If it ended there, that'd be fine, but this led to a line of
investigation that ended with CVE-2014-9390, so now git will block
checking these revisions out, so we should try to prevent
foot-shooting on our end. Since some servers (notably github) are
blocking trees that contain these entries, default to refusing to
export any path component that looks like it folds to .git. Since some
histories probably contain this already, we offer an escape hatch via
the config option git.blockdotgit that allows users to resume
foot-shooting behavior.
2014-11-23 19:06:21 -05:00

93 lines
2.4 KiB
Perl
Raw Blame History

Check for contents we should refuse to export to git repositories (or
at least warn).
Load commonly used test logic
$ . "$TESTDIR/testutil"
$ hg init hg
$ cd hg
$ mkdir -p .git/hooks
$ cat > .git/hooks/post-update <<EOF
> #!/bin/sh
> echo pwned
> EOF
$ hg addremove
adding .git/hooks/post-update
$ hg ci -m "we should refuse to export this"
$ hg book master
$ hg gexport
abort: Refusing to export likely-dangerous path '.git/hooks/post-update'
(If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
[255]
$ cd ..
$ rm -rf hg
$ hg init hg
$ cd hg
$ mkdir -p nested/.git/hooks/
$ cat > nested/.git/hooks/post-update <<EOF
> #!/bin/sh
> echo pwnd
> EOF
$ chmod +x nested/.git/hooks/post-update
$ hg addremove
adding nested/.git/hooks/post-update
$ hg ci -m "also refuse to export this"
$ hg book master
$ hg gexport
abort: Refusing to export likely-dangerous path 'nested/.git/hooks/post-update'
(If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
[255]
We can override if needed:
$ hg --config git.blockdotgit=false gexport
warning: path 'nested/.git/hooks/post-update' contains a potentially dangerous path component.
It may not be legal to check out in Git.
It may also be rejected by some git server configurations.
$ cd ..
$ git clone hg/.hg/git git
Cloning into 'git'...
done.
error: Invalid path 'nested/.git/hooks/post-update'
Now check something that case-folds to .git, which might let you own
Mac users:
$ cd ..
$ rm -rf hg
$ hg init hg
$ cd hg
$ mkdir -p .GIT/hooks/
$ cat > .GIT/hooks/post-checkout <<EOF
> #!/bin/sh
> echo pwnd
> EOF
$ chmod +x .GIT/hooks/post-checkout
$ hg addremove
adding .GIT/hooks/post-checkout
$ hg ci -m "also refuse to export this"
$ hg book master
$ hg gexport
$ cd ..
And the NTFS case:
$ cd ..
$ rm -rf hg
$ hg init hg
$ cd hg
$ mkdir -p GIT~1/hooks/
$ cat > GIT~1/hooks/post-checkout <<EOF
> #!/bin/sh
> echo pwnd
> EOF
$ chmod +x GIT~1/hooks/post-checkout
$ hg addremove
adding GIT~1/hooks/post-checkout
$ hg ci -m "also refuse to export this"
$ hg book master
$ hg gexport
abort: Refusing to export likely-dangerous path 'GIT~1/hooks/post-checkout'
(If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
[255]
$ cd ..
Reference in New Issue View Git Blame Copy Permalink