author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-11-13 22:42:57 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-11-13 22:42:57 +0000 |
commit | db3da4a27387bc0d692b5ee91d6bcccc8c498ab7 (patch) | |
tree | 0bd296361c76955ac3b1032a6bfde3c153346105 /lib | |
parent | 9ff4111b2afefe8e205a494a98fa301cdd9439c1 (diff) | |
download | gitano-db3da4a27387bc0d692b5ee91d6bcccc8c498ab7.tar.gz |
Fix information leak in rename command, enable the tests for that, disable a test which now shouldn't pass
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitano/command.lua | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/lib/gitano/command.lua b/lib/gitano/command.lua
index 9694377..66be53e 100644
--- a/lib/gitano/command.lua
+++ b/lib/gitano/command.lua
@@ -655,19 +655,11 @@ local function builtin_rename_validate(config, repo, cmdline)
 log.error("Rename takes a repository and a new name for it")
 return false
 end
- if not repo or repo.is_nascent then
- log.error("Cannot rename", repo.name, "as it does not exit")
- return false
- end
 return true
 end
 local function builtin_rename_prep(config, repo, cmdline, context)
 local ctx, action, reason
- -- Check 0, is the current repo nascent
- if repo.is_nascent then
- return "deny", "Cannot rename a repository which does not exist"
- end
 -- Check 1, read current repo
 ctx = util.deep_copy(context)
 ctx.operation = "read"
@@ -675,27 +667,32 @@ local function builtin_rename_prep(config, repo, cmdline, context)
 if action ~= "allow" then
 return action, reason
 end
- -- Check 2, rename current repo
+ -- Check 2, is the current repo nascent
+ if repo.is_nascent then
+ return "deny", "Cannot rename a repository which does not exist"
+ end
+ -- Check 3, rename current repo
 ctx = util.deep_copy(context)
 ctx.operation = "renamerepo"
 action, reason = repo:run_lace(ctx)
 if action ~= "allow" then
 return action, reason
 end
- -- Check 3, create new repo
+ -- Check 4, create new repo
 ctx = util.deep_copy(context)
 local newrepo, msg = repository.find(config, cmdline[3])
 if not newrepo then
 return "deny", msg
 end
- if not newrepo.is_nascent then
- return "deny", "Destination location is in use"
- end
 ctx.operation="createrepo"
 action, reason = newrepo:run_lace(ctx)
 if action ~= "allow" then
 return action, reason
 end
+ -- Check 5, does new repo already exist?
+ if not newrepo.is_nascent then
+ return "deny", "Destination location is in use"
+ end
 -- Okay, we could create, read, and destroy
 -- thus we can rename
 return "allow", "Passed all checks, can rename" |
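Review bot: Check 5 still returns the distinct reason "Destination location is in use" to any caller whose `createrepo` check passes, so if a ruleset can grant `createrepo` on a path without granting `read` on the repository already there, that caller still learns the destination exists. Consider gating that message on a `read` lace check against `newrepo` and returning a generic deny otherwise. The ordering this fix depends on is not stated in the function; a comment at the top of builtin_rename_prep such as `-- Every is_nascent test must follow the lace check that guards it, otherwise denied callers can probe for repository existence` would keep it from being reordered again. The closing comment `-- Okay, we could create, read, and destroy` does not match the operations actually checked (read, renamerepo, createrepo). builtin_rename_prep begins before this hunk, so the Check 1 lace call itself is not visible here.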