- 24 May, 2018 1 commit
-
-
Carlos Martín Nieto committed
-
- 14 May, 2018 1 commit
-
-
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.
Carlos Martín Nieto committed
-
- 09 May, 2018 1 commit
-
-
If the we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.
Carlos Martín Nieto committed
-
- 30 Apr, 2018 1 commit
-
-
We should pretend such submdules do not exist as it can lead to RCE.
Carlos Martín Nieto committed
-
- 28 Mar, 2018 1 commit
-
-
Carson Howard committed
-
- 27 Mar, 2018 7 commits
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed -
Carson Howard committed
-
Carson Howard committed
-
Carson Howard committed
-
Carson Howard committed
-
Carson Howard committed
-
submodule: check path and prefix before adding submodule submodule: fix test errors
Carson Howard committed
-
- 25 Aug, 2017 3 commits
-
-
While it is technically possible to look up submodules inside of a bare repository by reading the submodule configuration of a specific commit, we do not offer this functionality right now. As such, calling both `git_submodule_lookup` and `git_submodule_foreach` should error out early when these functions encounter a bare repository. While `git_submodule_lookup` already does return an error due to not being able to parse the configuration, `git_submodule_foreach` simply returns success and never invokes the callback function. Fix the issue by having both functions check whether the repository is bare and returning an error in that case.
Patrick Steinhardt committed -
Patrick Steinhardt committed
-
The testcase "submodule::lookup::cached" was declared with a single underscore separating the test suide and test name, only. As the clar parser only catches tests with two underscores, it was never executed. Add in the second underscore to actually have it detected and executed.
Patrick Steinhardt committed
-
- 19 May, 2017 1 commit
-
-
To determine if a repository is a worktree or not, we currently check for the existence of a "gitdir" file inside of the repository's gitdir. While this is sufficient for non-broken repositories, we have at least one case of a subtly broken repository where there exists a gitdir file inside of a gitmodule. This will cause us to misidentify the submodule as a worktree. While this is not really a fault of ours, we can do better here by observing that a repository can only ever be a worktree iff its common directory and dotgit directory are different. This allows us to make our check whether a repo is a worktree or not more strict by doing a simple string comparison of these two directories. This will also allow us to do the right thing in the above case of a broken repository, as for submodules these directories will be the same. At the same time, this allows us to skip the `stat` check for the "gitdir" file for most repositories.
Patrick Steinhardt committed
-
- 17 May, 2017 1 commit
-
-
Patrick Steinhardt committed
-
- 17 Feb, 2017 1 commit
-
-
Provide more detailed messages when conditions pass or fail unexpectedly. In particular, this provides the error messages when a test fails with a different error code than was expected.
Edward Thomson committed
-
- 20 Jan, 2017 1 commit
-
-
Added `git_repository_submodule_cache_all` to initialze a cache of submodules on the repository so that operations looking up N submodules are O(N) and not O(N^2). Added a `git_repository_submodule_cache_clear` function to remove the cache. Also optimized the function that loads all submodules as it was itself O(N^2) w.r.t the number of submodules, having to loop through the `.gitmodules` file once per submodule. I changed it to process the `.gitmodules` file once, into a map. Signed-off-by: David Turner <dturner@twosigma.com>
Brock Peabody committed
-
- 31 Mar, 2016 1 commit
-
-
Edward Thomson committed
-
- 21 Dec, 2015 1 commit
-
-
Dmitriy Olshevskiy committed
-
- 04 Nov, 2015 1 commit
-
-
Test that `git_submodule_update` can handle a submodule that is freshly cloned and has a path differing from its name.
Edward Thomson committed
-
- 18 Sep, 2015 2 commits
-
-
Test an initial submodule update, where we are trying to checkout the submodule for the first time, and placing a file within the submodule working directory with the same name as the submodule (and consequently, the same name as the repository itself).
Edward Thomson committed -
Carlos Martín Nieto committed
-
- 17 Sep, 2015 1 commit
-
-
Untangle git_futils_mkdir from git_futils_mkdir_ext - the latter assumes that we own everything beneath the base, as if it were being called with a base of the repository or working directory, and is tailored towards checkout and ensuring that there is no bogosity beneath the base that must be cleaned up. This is (at best) slow and (at worst) unsafe in the larger context of a filesystem where we do not own things and cannot do things like unlink symlinks that are in our way.
Edward Thomson committed
-
- 10 Sep, 2015 1 commit
-
-
Carlos Martín Nieto committed
-
- 28 Aug, 2015 1 commit
-
-
Edward Thomson committed
-
- 13 Jul, 2015 1 commit
-
-
Carlos Martín Nieto committed
-
- 12 Jul, 2015 1 commit
-
-
This also affects `git_index_add_bypath()` by providing a better error message and a specific error code when a directory is passed.
Carlos Martín Nieto committed
-
- 11 Jul, 2015 1 commit
-
-
When we rename a submodule, we should be merging two sets of information based on whether their path is the same. We currently only deduplicate on equal name, which causes us to double-report.
Carlos Martín Nieto committed
-
- 01 Jul, 2015 2 commits
-
-
When two submodules are fairly similar, we may end up loading the wrong one.
Carlos Martín Nieto committed -
The function was removed, but its declaration and changelog entry about its removal were forgotten. The comment in the test doesn't make any sense as the function doesn't exist anymore, so get rid of it as well.
Carlos Martín Nieto committed
-
- 29 Jun, 2015 1 commit
-
-
We allow looking up a submodule by path, but we lost the path normalisation during the recent changes. Bring it back.
Carlos Martín Nieto committed
-
- 25 Jun, 2015 1 commit
-
-
Fallback describes the mechanism, while unspecified explains what the user is thinking.
Carlos Martín Nieto committed
-
- 22 Jun, 2015 6 commits
-
-
In addition to mapping enums to strings in the configuration, we need to know to delete the configuration option when given the "none" or "no" option.
Carlos Martín Nieto committed -
The current code will always fail, but only because it's asking for a string on a live config. Take a snapshot and make sure we fail with ENOTFOUND instead of any old error.
Carlos Martín Nieto committed -
Carlos Martín Nieto committed
-
We no longer have any setters which affect an instance, so `git_submodule_save()` is no longer relevant.
Carlos Martín Nieto committed -
With this one, we can get rid of the edit_and_save test.
Carlos Martín Nieto committed -
Carlos Martín Nieto committed
-