annotate tests/test-illegal-contents.t @ 1144:c9ba526e82d6 default tip master

Added signature for changeset c651bb6fcf33
author Kevin Bullock <kbullock@ringworld.org>
date Sun, 14 Oct 2018 21:43:45 -0500
parents be0d1413a06f
children
850
81c55f8629ba hg2git: audit path components during export (CVE-2014-9390)
Augie Fackler <raf@durin42.com>
parents:
Check for contents we should refuse to export to git repositories (or
at least warn). The export cases below use paths that a Git checkout
could resolve into its own .git directory (CVE-2014-9390): a literal
.git component, a nested one, a name that case-folds to .git, and the
NTFS short-name form GIT~1. The last case covers the import direction,
a Git repository that contains a nested Mercurial repository.

Load commonly used test logic
  $ . "$TESTDIR/testutil"

A tracked file under a top-level .git/hooks directory. Exporting it
would hand a hook script to the metadata directory of a Git checkout,
so gexport is expected to abort with exit status 255 by default and to
name the blockdotgit setting as the explicit opt-out.

  $ hg init hg
  $ cd hg
  $ mkdir -p .git/hooks
  $ cat > .git/hooks/post-update <<EOF
  > #!/bin/sh
  > echo pwned
  > EOF

  $ hg addremove
  adding .git/hooks/post-update
  $ hg ci -m "we should refuse to export this"
  $ hg book master
  $ hg gexport
  abort: Refusing to export likely-dangerous path '.git/hooks/post-update'
  (If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
  [255]
  $ cd ..

The same kind of file one directory down. The expected abort shows that
the refusal also covers a .git component that is not the first one in
the path.

  $ rm -rf hg
  $ hg init hg
  $ cd hg
  $ mkdir -p nested/.git/hooks/
  $ cat > nested/.git/hooks/post-update <<EOF
  > #!/bin/sh
  > echo pwnd
  > EOF
  $ chmod +x nested/.git/hooks/post-update
  $ hg addremove
  adding nested/.git/hooks/post-update
  $ hg ci -m "also refuse to export this"
  $ hg book master
  $ hg gexport
  abort: Refusing to export likely-dangerous path 'nested/.git/hooks/post-update'
  (If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
  [255]
We can override if needed. With git.blockdotgit=false the abort becomes
a warning and the commit is exported. The clone below shows the Git
client used for this test run still rejecting the path at checkout, so
once the override is set the protection depends on the Git client.
  $ hg --config git.blockdotgit=false gexport
  warning: path 'nested/.git/hooks/post-update' contains a potentially dangerous path component.
  It may not be legal to check out in Git.
  It may also be rejected by some git server configurations.
  $ cd ..
  $ git clone hg/.hg/git git
  Cloning into 'git'...
  done.
  error: Invalid path 'nested/.git/hooks/post-update'

Now check something that case-folds to .git, which might let you own
Mac users: on a case-insensitive filesystem .GIT and .git name the same
directory.

NOTE(review): the expected output below records no abort and no warning
from gexport for '.GIT/hooks/post-checkout', although the commit message
says "also refuse to export this" -- confirm whether the audit is meant
to compare case-insensitively.

NOTE(review): the leading 'cd ..' follows the 'cd ..' that already left
the hg directory before the git clone above, so the 'rm -rf hg' and the
new repository end up one level above where the test started -- confirm
that is intended.

  $ cd ..
  $ rm -rf hg
  $ hg init hg
  $ cd hg
  $ mkdir -p .GIT/hooks/
  $ cat > .GIT/hooks/post-checkout <<EOF
  > #!/bin/sh
  > echo pwnd
  > EOF
  $ chmod +x .GIT/hooks/post-checkout
  $ hg addremove
  adding .GIT/hooks/post-checkout
  $ hg ci -m "also refuse to export this"
  $ hg book master
  $ hg gexport
  $ cd ..

And the NTFS case: GIT~1 has the form of the 8.3 short name that NTFS
can assign to .git, so the export is expected to refuse it in the same
way as a literal .git component.

NOTE(review): the 'cd ..' below comes directly after the 'cd ..' that
closed the previous section, so the 'rm -rf hg' runs one directory
further up again -- confirm that is intended.

  $ cd ..
  $ rm -rf hg
  $ hg init hg
  $ cd hg
  $ mkdir -p GIT~1/hooks/
  $ cat > GIT~1/hooks/post-checkout <<EOF
  > #!/bin/sh
  > echo pwnd
  > EOF
  $ chmod +x GIT~1/hooks/post-checkout
  $ hg addremove
  adding GIT~1/hooks/post-checkout
  $ hg ci -m "also refuse to export this"
  $ hg book master
  $ hg gexport
  abort: Refusing to export likely-dangerous path 'GIT~1/hooks/post-checkout'
  (If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
  [255]
  $ cd ..
987
be0d1413a06f git_handler: detect and reject nested Mercurial repositories
Dan Villiom Podlaski Christiansen <danchr@gmail.com>
parents: 850
Now check a Git repository containing a Mercurial repository, which
you can't check out. This is the import direction: by default the clone
is refused at the first path under nested/.hg. With git.blockdothg=false
the import only warns per path, and the update that follows still aborts
because the path is inside a nested repository.

fn_git_commit is not defined in this file; presumably it comes from the
testutil loaded at the top -- TODO confirm.

  $ rm -rf hg git nested
  $ git init -q git
  $ hg init nested
  $ mv nested git
  $ cd git
  $ git add nested
  $ fn_git_commit -m 'add a Mercurial repository'
  $ cd ..
  $ hg clone git hg
  importing git objects into hg
  abort: Refusing to import problematic path 'nested/.hg/00changelog.i'
  (Mercurial cannot check out paths inside nested repositories; if you need to continue, then set '[git] blockdothg = false' in your hgrc.)
  [255]
  $ hg clone --config git.blockdothg=false git hg
  importing git objects into hg
  warning: path 'nested/.hg/00changelog.i' is within a nested repository, which Mercurial cannot check out.
  warning: path 'nested/.hg/requires' is within a nested repository, which Mercurial cannot check out.
  updating to branch default
  abort: path 'nested/.hg/00changelog.i' is inside nested repo 'nested'
  [255]
  $ cd ..