git/t/t4139-apply-escape.sh
Ævar Arnfjörð Bjarmason f54f48fc07 leak tests: mark some apply tests as passing with SANITIZE=leak
Mark some tests that match "*apply*" as passing when git is compiled
with SANITIZE=leak. They'll now be listed as running under the
"GIT_TEST_PASSING_SANITIZE_LEAK=true" test mode (the "linux-leaks" CI
target).

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2021-11-01 11:23:08 -07:00

143 lines
3.1 KiB
Bash
Executable file

#!/bin/sh
test_description='paths written by git-apply cannot escape the working tree'
TEST_PASSES_SANITIZE_LEAK=true
. ./test-lib.sh
# tests will try to write to ../foo, and we do not
# want them to escape the trash directory when they
# fail
test_expect_success 'bump git repo one level down' '
mkdir inside &&
mv .git inside/ &&
cd inside
'
# $1 = name of file
# $2 = current path to file (if different)
mkpatch_add () {
rm -f "${2:-$1}" &&
cat <<-EOF
diff --git a/$1 b/$1
new file mode 100644
index 0000000..53c74cd
--- /dev/null
+++ b/$1
@@ -0,0 +1 @@
+evil
EOF
}
mkpatch_del () {
echo evil >"${2:-$1}" &&
cat <<-EOF
diff --git a/$1 b/$1
deleted file mode 100644
index 53c74cd..0000000
--- a/$1
+++ /dev/null
@@ -1 +0,0 @@
-evil
EOF
}
# $1 = name of file
# $2 = content of symlink
mkpatch_symlink () {
rm -f "$1" &&
cat <<-EOF
diff --git a/$1 b/$1
new file mode 120000
index 0000000..$(printf "%s" "$2" | git hash-object --stdin)
--- /dev/null
+++ b/$1
@@ -0,0 +1 @@
+$2
\ No newline at end of file
EOF
}
test_expect_success 'cannot create file containing ..' '
mkpatch_add ../foo >patch &&
test_must_fail git apply patch &&
test_path_is_missing ../foo
'
test_expect_success 'can create file containing .. with --unsafe-paths' '
mkpatch_add ../foo >patch &&
git apply --unsafe-paths patch &&
test_path_is_file ../foo
'
test_expect_success 'cannot create file containing .. (index)' '
mkpatch_add ../foo >patch &&
test_must_fail git apply --index patch &&
test_path_is_missing ../foo
'
test_expect_success 'cannot create file containing .. with --unsafe-paths (index)' '
mkpatch_add ../foo >patch &&
test_must_fail git apply --index --unsafe-paths patch &&
test_path_is_missing ../foo
'
test_expect_success 'cannot delete file containing ..' '
mkpatch_del ../foo >patch &&
test_must_fail git apply patch &&
test_path_is_file ../foo
'
test_expect_success 'can delete file containing .. with --unsafe-paths' '
mkpatch_del ../foo >patch &&
git apply --unsafe-paths patch &&
test_path_is_missing ../foo
'
test_expect_success 'cannot delete file containing .. (index)' '
mkpatch_del ../foo >patch &&
test_must_fail git apply --index patch &&
test_path_is_file ../foo
'
test_expect_success SYMLINKS 'symlink escape via ..' '
{
mkpatch_symlink tmp .. &&
mkpatch_add tmp/foo ../foo
} >patch &&
test_must_fail git apply patch &&
test_path_is_missing tmp &&
test_path_is_missing ../foo
'
test_expect_success SYMLINKS 'symlink escape via .. (index)' '
{
mkpatch_symlink tmp .. &&
mkpatch_add tmp/foo ../foo
} >patch &&
test_must_fail git apply --index patch &&
test_path_is_missing tmp &&
test_path_is_missing ../foo
'
test_expect_success SYMLINKS 'symlink escape via absolute path' '
{
mkpatch_symlink tmp "$(pwd)" &&
mkpatch_add tmp/foo ../foo
} >patch &&
test_must_fail git apply patch &&
test_path_is_missing tmp &&
test_path_is_missing ../foo
'
test_expect_success SYMLINKS 'symlink escape via absolute path (index)' '
{
mkpatch_symlink tmp "$(pwd)" &&
mkpatch_add tmp/foo ../foo
} >patch &&
test_must_fail git apply --index patch &&
test_path_is_missing tmp &&
test_path_is_missing ../foo
'
test_done