authorIvan Frade2018-09-24 23:03:35 +0000
committerMatthias Sohn2018-10-05 19:38:22 +0000
commitdb9f7b028d8086e5fc66364e9beba1e3a2b99d48 (patch)
treec59d61cd0b329aa487d173c7dfec48e696792fd4 /org.eclipse.jgit.test/tst
parente5a4c0d17e532824e0d379cb1c322296b07c73f9 (diff)
SubmoduleAddCommand: Reject submodule URIs that look like cli options
In C git versions before 2.19.1, the submodule is fetched by running "git clone <uri> <path>". A URI starting with "-" would be interpreted as an option, causing security problems. See CVE-2018-17456. Refuse to add submodules whose URI, name or path starts with "-", since such values could be confused with command line arguments. [jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify the submodule name, 2018-07-12) along for the ride] Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017 Signed-off-by: Ivan Frade <ifrade@google.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Diffstat (limited to 'org.eclipse.jgit.test/tst')
-rw-r--r--org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java33
1 files changed, 32 insertions, 1 deletions
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java
index 5c46659c0a..93f47090a3 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/submodule/SubmoduleAddTest.java
@@ -183,6 +183,37 @@ public class SubmoduleAddTest extends RepositoryTestCase {
}
@Test
+ public void addSubmoduleWithInvalidPath() throws Exception {
+ SubmoduleAddCommand command = new SubmoduleAddCommand(db);
+ command.setPath("-invalid-path");
+ // TODO(ms) set name to a valid value in 5.1.0 and adapt expected
+ // message below
+ command.setURI("http://example.com/repo/x.git");
+ try {
+ command.call().close();
+ fail("Exception not thrown");
+ } catch (IllegalArgumentException e) {
+ // TODO(ms) should check for submodule path, but can't set name
+ // before 5.1.0
+ assertEquals("Invalid submodule name '-invalid-path'",
+ e.getMessage());
+ }
+ }
+
+ @Test
+ public void addSubmoduleWithInvalidUri() throws Exception {
+ SubmoduleAddCommand command = new SubmoduleAddCommand(db);
+ command.setPath("valid-path");
+ command.setURI("-upstream");
+ try {
+ command.call().close();
+ fail("Exception not thrown");
+ } catch (IllegalArgumentException e) {
+ assertEquals("Invalid submodule URL '-upstream'", e.getMessage());
+ }
+ }
+
+ @Test
public void addSubmoduleWithRelativeUri() throws Exception {
try (Git git = new Git(db)) {
writeTrashFile("file.txt", "content");
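Review bot: Both new tests exercise only a bare leading "-" (`-invalid-path`, `-upstream`), whereas the CVE-2018-17456 vector is an option that carries a value, e.g. `--upload-pack=<command>`, and the commit message says portions of the dotdot path check were backported, which no test in this hunk covers. A third case along the lines of `command.setURI("--upload-pack=evil");` expecting `Invalid submodule URL '--upload-pack=evil'` (assuming the message follows the same pattern as the existing two) would pin the realistic shape, and if the ".." path check is indeed part of this backport a path such as `"../escape"` deserves its own test. Neither test verifies that the rejected command left `.gitmodules` and the repository config untouched, which is what makes the validation a pre-flight guard rather than a partially applied write; asserting after the catch that no `submodule` config section was created would cover that. The enclosing class continues outside the hunk.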
@@ -269,4 +300,4 @@ public class SubmoduleAddTest extends RepositoryTestCase {
ConfigConstants.CONFIG_KEY_URL));
}
}
-} \ No newline at end of file
+}
