Skip to content

Commit 7553763

Browse files
carlosmncarlosmn
committed
submodule: add a failing test for a submodule escaping .git/modules
We should pretend such submdules do not exist as it can lead to RCE.
1 parent 86353a7 commit 7553763

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

tests/submodule/escape.c

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
#include "clar_libgit2.h"
2+
#include "posix.h"
3+
#include "path.h"
4+
#include "submodule_helpers.h"
5+
#include "fileops.h"
6+
#include "repository.h"
7+
8+
static git_repository *g_repo = NULL;
9+
10+
void test_submodule_escape__cleanup(void)
11+
{
12+
cl_git_sandbox_cleanup();
13+
}
14+
15+
#define EVIL_SM_NAME "../../modules/evil"
16+
17+
static int find_evil(git_submodule *sm, const char *name, void *payload)
18+
{
19+
int *foundit = (int *) payload;
20+
21+
GIT_UNUSED(sm);
22+
23+
if (!git__strcmp(EVIL_SM_NAME, name))
24+
*foundit = true;
25+
26+
return 0;
27+
}
28+
29+
void test_submodule_escape__from_gitdir(void)
30+
{
31+
int foundit;
32+
git_config *cfg;
33+
git_submodule *sm;
34+
git_buf buf = GIT_BUF_INIT;
35+
36+
g_repo = setup_fixture_submodule_simple();
37+
38+
cl_git_pass(git_buf_joinpath(&buf, git_repository_workdir(g_repo), ".gitmodules"));
39+
cl_git_pass(git_config_open_ondisk(&cfg, git_buf_cstr(&buf)));
40+
41+
/* We don't have a function to rename a subsection so we do it manually */
42+
cl_git_pass(git_submodule_lookup(&sm, g_repo, "testrepo"));
43+
cl_git_pass(git_config_set_string(cfg, "submodule." EVIL_SM_NAME ".path", git_submodule_path(sm)));
44+
cl_git_pass(git_config_set_string(cfg, "submodule." EVIL_SM_NAME ".url", git_submodule_url(sm)));
45+
cl_git_pass(git_config_delete_entry(cfg, "submodule.testrepo.path"));
46+
cl_git_pass(git_config_delete_entry(cfg, "submodule.testrepo.url"));
47+
git_config_free(cfg);
48+
49+
/* We also need to update the value in the config */
50+
cl_git_pass(git_repository_config__weakptr(&cfg, g_repo));
51+
cl_git_pass(git_config_set_string(cfg, "submodule." EVIL_SM_NAME ".url", git_submodule_url(sm)));
52+
cfg = NULL;
53+
54+
/* Find it all the different ways we know about it */
55+
cl_git_fail_with(GIT_ENOTFOUND, git_submodule_lookup(&sm, g_repo, EVIL_SM_NAME));
56+
cl_git_fail_with(GIT_ENOTFOUND, git_submodule_lookup(&sm, g_repo, "testrepo"));
57+
foundit = 0;
58+
cl_git_pass(git_submodule_foreach(g_repo, find_evil, &foundit));
59+
cl_assert_equal_i(0, foundit);
60+
}

0 commit comments

Comments
 (0)