diff options
author | Edward Thomson <ethomson@edwardthomson.com> | 2022-11-23 13:53:40 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-23 13:53:40 +0000 |
commit | d0203b6484812a44331e99d6754c955844d49fdb (patch) | |
tree | df15390edb38bf457a6e9502766c1c02b3cdcca7 | |
parent | 33e1c9853a66896074af0514a88116c2f1422890 (diff) | |
parent | 594bd70b84247eb5fb4b04defb362496b8c85a2b (diff) | |
download | libgit2-d0203b6484812a44331e99d6754c955844d49fdb.tar.gz |
Merge pull request #6429 from csware/safe.directory-wildcard
Add support for "safe.directory *"
-rw-r--r-- | src/libgit2/repository.c | 4 | ||||
-rw-r--r-- | tests/libgit2/repo/open.c | 76 |
2 files changed, 79 insertions, 1 deletions
diff --git a/src/libgit2/repository.c b/src/libgit2/repository.c index dd443a630..df41f581c 100644 --- a/src/libgit2/repository.c +++ b/src/libgit2/repository.c @@ -498,7 +498,9 @@ static int validate_ownership_cb(const git_config_entry *entry, void *payload) if (strcmp(entry->value, "") == 0) *data->is_safe = false; - if (git_fs_path_prettify_dir(&data->tmp, entry->value, NULL) == 0 && + if (strcmp(entry->value, "*") == 0) + *data->is_safe = true; + else if (git_fs_path_prettify_dir(&data->tmp, entry->value, NULL) == 0 && strcmp(data->tmp.ptr, data->repo_path) == 0) *data->is_safe = true; diff --git a/tests/libgit2/repo/open.c b/tests/libgit2/repo/open.c index a7e7828ab..d835240b7 100644 --- a/tests/libgit2/repo/open.c +++ b/tests/libgit2/repo/open.c @@ -575,6 +575,45 @@ void test_repo_open__can_allowlist_dirs_with_problematic_ownership(void) git_str_dispose(&config_data); } +void test_repo_open__can_wildcard_allowlist_with_problematic_ownership(void) +{ + git_repository *repo; + git_str config_path = GIT_STR_INIT, config_filename = GIT_STR_INIT; + + cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1)); + + cl_fixture_sandbox("empty_standard_repo"); + cl_git_pass(cl_rename( + "empty_standard_repo/.gitted", "empty_standard_repo/.git")); + + git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER); + cl_git_fail_with( + GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo")); + + /* Add safe.directory options to the global configuration */ + git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config"); + cl_must_pass(p_mkdir(config_path.ptr, 0777)); + git_libgit2_opts( + GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, + config_path.ptr); + + git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig"); + + cl_git_rewritefile(config_filename.ptr, "[foo]\n" + "\tbar = Foobar\n" + "\tbaz = Baz!\n" + "[safe]\n" + "\tdirectory = *\n" + "[bar]\n" + "\tfoo = barfoo\n"); + + cl_git_pass(git_repository_open(&repo, "empty_standard_repo")); + git_repository_free(repo); + + git_str_dispose(&config_path); + git_str_dispose(&config_filename); +} + void test_repo_open__can_allowlist_bare_gitdir(void) { git_repository *repo; @@ -619,6 +658,43 @@ void test_repo_open__can_allowlist_bare_gitdir(void) git_str_dispose(&config_data); } +void test_repo_open__can_wildcard_allowlist_bare_gitdir(void) +{ + git_repository *repo; + git_str config_path = GIT_STR_INIT, config_filename = GIT_STR_INIT; + + cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1)); + + cl_fixture_sandbox("testrepo.git"); + + git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER); + cl_git_fail_with( + GIT_EOWNER, git_repository_open(&repo, "testrepo.git")); + + /* Add safe.directory options to the global configuration */ + git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config"); + cl_must_pass(p_mkdir(config_path.ptr, 0777)); + git_libgit2_opts( + GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, + config_path.ptr); + + git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig"); + + cl_git_rewritefile(config_filename.ptr, "[foo]\n" + "\tbar = Foobar\n" + "\tbaz = Baz!\n" + "[safe]\n" + "\tdirectory = *\n" + "[bar]\n" + "\tfoo = barfoo\n"); + + cl_git_pass(git_repository_open(&repo, "testrepo.git")); + git_repository_free(repo); + + git_str_dispose(&config_path); + git_str_dispose(&config_filename); +} + void test_repo_open__can_reset_safe_directory_list(void) { git_repository *repo; |