Mercurial > hg
comparison tests/test-audit-subrepo.t @ 34984:071cbeba4212 stable
subrepo: disallow symlink traversal across subrepo mount point (SEC)
It wasn't easy to extend the pathauditor to check symlink traversal across
subrepos because pathauditor._checkfs() rejects a directory having ".hg"
directory. That's why I added the explicit islink() check.
No idea if this patch is necessary after we've fixed the issue5730 by
splitting submerge() into planning and execution phases.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Fri, 03 Nov 2017 20:12:50 +0900 |
| parents | 80d7dbda9294 |
| children | ba6324ee49e9 |
comparison
equal
deleted
inserted
replaced
| 34983:80d7dbda9294 | 34984:071cbeba4212 |
|---|---|
| 48 $ cd hgsymdir/root | 48 $ cd hgsymdir/root |
| 49 $ ln -s ../out | 49 $ ln -s ../out |
| 50 $ hg ci -qAm 'add symlink "out"' | 50 $ hg ci -qAm 'add symlink "out"' |
| 51 $ hg init ../out | 51 $ hg init ../out |
| 52 $ echo 'out = out' >> .hgsub | 52 $ echo 'out = out' >> .hgsub |
| 53 BROKEN: should fail | |
| 54 $ hg ci -qAm 'add subrepo "out"' | 53 $ hg ci -qAm 'add subrepo "out"' |
| 54 abort: subrepo 'out' traverses symbolic link | |
| 55 [255] | |
| 56 | |
| 57 prepare tampered repo (including the commit above): | |
| 58 | |
| 59 $ hg import --bypass -qm 'add subrepo "out"' - <<'EOF' | |
| 60 > diff --git a/.hgsub b/.hgsub | |
| 61 > new file mode 100644 | |
| 62 > --- /dev/null | |
| 63 > +++ b/.hgsub | |
| 64 > @@ -0,0 +1,1 @@ | |
| 65 > +out = out | |
| 66 > diff --git a/.hgsubstate b/.hgsubstate | |
| 67 > new file mode 100644 | |
| 68 > --- /dev/null | |
| 69 > +++ b/.hgsubstate | |
| 70 > @@ -0,0 +1,1 @@ | |
| 71 > +0000000000000000000000000000000000000000 out | |
| 72 > EOF | |
| 55 $ cd ../.. | 73 $ cd ../.. |
| 56 | 74 |
| 57 on clone (and update): | 75 on clone (and update): |
| 58 | 76 |
| 59 $ mkdir hgsymdir2 | 77 $ mkdir hgsymdir2 |
| 60 BROKEN: should fail to update | |
| 61 $ hg clone -q hgsymdir/root hgsymdir2/root | 78 $ hg clone -q hgsymdir/root hgsymdir2/root |
| 79 abort: subrepo 'out' traverses symbolic link | |
| 80 [255] | |
| 62 $ ls hgsymdir2 | 81 $ ls hgsymdir2 |
| 63 out | |
| 64 root | 82 root |
| 65 | 83 |
| 66 #endif | 84 #endif |
| 67 | 85 |
| 68 Test indirect symlink traversal | 86 Test indirect symlink traversal |