Mercurial > hg-git

view tests/test-illegal-contents.t @ 1092:3799bf885c1d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
compat: use newer read_pkt_refs from dulwich if possible Beginning with dulwich 0.18, it now supports reporting the symrefs so we no longer need to monkey patch (will require future patches to use the new code, though).
author Sean Farley <sean@farley.io>
date Mon, 27 Nov 2017 17:45:51 -0500
parents be0d1413a06f
children
line wrap: on
line source

Check for contents we should refuse to export to git repositories (or
at least warn).

Load commonly used test logic
  $ . "$TESTDIR/testutil"

  $ hg init hg
  $ cd hg
  $ mkdir -p .git/hooks
  $ cat > .git/hooks/post-update <<EOF
  > #!/bin/sh
  > echo pwned
  > EOF

  $ hg addremove
  adding .git/hooks/post-update
  $ hg ci -m "we should refuse to export this"
  $ hg book master
  $ hg gexport
  abort: Refusing to export likely-dangerous path '.git/hooks/post-update'
  (If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
  [255]
  $ cd ..

  $ rm -rf hg
  $ hg init hg
  $ cd hg
  $ mkdir -p nested/.git/hooks/
  $ cat > nested/.git/hooks/post-update <<EOF
  > #!/bin/sh
  > echo pwnd
  > EOF
  $ chmod +x nested/.git/hooks/post-update
  $ hg addremove
  adding nested/.git/hooks/post-update
  $ hg ci -m "also refuse to export this"
  $ hg book master
  $ hg gexport
  abort: Refusing to export likely-dangerous path 'nested/.git/hooks/post-update'
  (If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
  [255]
We can override if needed:
  $ hg --config git.blockdotgit=false gexport
  warning: path 'nested/.git/hooks/post-update' contains a potentially dangerous path component.
  It may not be legal to check out in Git.
  It may also be rejected by some git server configurations.
  $ cd ..
  $ git clone hg/.hg/git git
  Cloning into 'git'...
  done.
  error: Invalid path 'nested/.git/hooks/post-update'

Now check something that case-folds to .git, which might let you own
Mac users:

  $ cd ..
  $ rm -rf hg
  $ hg init hg
  $ cd hg
  $ mkdir -p .GIT/hooks/
  $ cat > .GIT/hooks/post-checkout <<EOF
  > #!/bin/sh
  > echo pwnd
  > EOF
  $ chmod +x .GIT/hooks/post-checkout
  $ hg addremove
  adding .GIT/hooks/post-checkout
  $ hg ci -m "also refuse to export this"
  $ hg book master
  $ hg gexport
  $ cd ..

And the NTFS case:
  $ cd ..
  $ rm -rf hg
  $ hg init hg
  $ cd hg
  $ mkdir -p GIT~1/hooks/
  $ cat > GIT~1/hooks/post-checkout <<EOF
  > #!/bin/sh
  > echo pwnd
  > EOF
  $ chmod +x GIT~1/hooks/post-checkout
  $ hg addremove
  adding GIT~1/hooks/post-checkout
  $ hg ci -m "also refuse to export this"
  $ hg book master
  $ hg gexport
  abort: Refusing to export likely-dangerous path 'GIT~1/hooks/post-checkout'
  (If you need to continue, read about CVE-2014-9390 and then set '[git] blockdotgit = false' in your hgrc.)
  [255]
  $ cd ..

Now check a Git repository containing a Mercurial repository, which
you can't check out.

  $ rm -rf hg git nested
  $ git init -q git
  $ hg init nested
  $ mv nested git
  $ cd git
  $ git add nested
  $ fn_git_commit -m 'add a Mercurial repository'
  $ cd ..
  $ hg clone git hg
  importing git objects into hg
  abort: Refusing to import problematic path 'nested/.hg/00changelog.i'
  (Mercurial cannot check out paths inside nested repositories; if you need to continue, then set '[git] blockdothg = false' in your hgrc.)
  [255]
  $ hg clone --config git.blockdothg=false git hg
  importing git objects into hg
  warning: path 'nested/.hg/00changelog.i' is within a nested repository, which Mercurial cannot check out.
  warning: path 'nested/.hg/requires' is within a nested repository, which Mercurial cannot check out.
  updating to branch default
  abort: path 'nested/.hg/00changelog.i' is inside nested repo 'nested'
  [255]
  $ cd ..