list-objects-filter: disable 'sparse:path' filters

If someone wants to use as a filter a sparse file that is in the
repository, something like "--filter=sparse:oid=<ref>:<path>"
already works.

So 'sparse:path' is only interesting if the sparse file is not in
the repository. In this case though the current implementation has
a big security issue, as it makes it possible to ask the server to
read any file, like for example /etc/password, and to explore the
filesystem, as well as individual lines of files.

If someone is interested in using a sparse file that is not in the
repository as a filter, then at the minimum a config option, such
as "uploadpack.sparsePathFilter", should be implemented first to
restrict the directory from which the files specified by
'sparse:path' can be read.

For now though, let's just disable 'sparse:path' filters.

Helped-by: Matthew DeVore <matvore@google.com>
Helped-by: Jeff Hostetler <git@jeffhostetler.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/t/t5317-pack-objects-filter-objects.sh b/t/t5317-pack-objects-filter-objects.sh
index 4c0201c..2d2f5d0 100755
--- a/t/t5317-pack-objects-filter-objects.sh
+++ b/t/t5317-pack-objects-filter-objects.sh
@@ -277,6 +277,10 @@
 '
 
 # Test sparse:path=<path> filter.
+# !!!!
+# NOTE: sparse:path filter support has been dropped for security reasons,
+# so the tests have been changed to make sure that using it fails.
+# !!!!
 # Use a local file containing a sparse-checkout specification to filter
 # out blobs not required for the corresponding sparse-checkout.  We do not
 # require sparse-checkout to actually be enabled.
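Review bot: the added NOTE says the tests now check that sparse:path fails, but the unchanged comment lines right after it ("Use a local file containing a sparse-checkout specification to filter out blobs ...") still describe the filter as something that works. A reader skimming the block gets two contradictory descriptions. Consider rewording those three lines to the past tense or folding them into the NOTE, and dropping the "# !!!!" banner lines in favour of a plain comment.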
@@ -315,73 +319,24 @@
 	test_cmp expected observed
 '
 
-test_expect_success 'verify sparse:path=pattern1' '
-	git -C r3 ls-files -s dir1/sparse1 dir1/sparse2 >ls_files_result &&
-	awk -f print_2.awk ls_files_result |
-	sort >expected &&
-
-	git -C r3 pack-objects --revs --stdout --filter=sparse:path=../pattern1 >filter.pack <<-EOF &&
+test_expect_success 'verify sparse:path=pattern1 fails' '
+	test_must_fail git -C r3 pack-objects --revs --stdout \
+		--filter=sparse:path=../pattern1 <<-EOF
 	HEAD
 	EOF
-	git -C r3 index-pack ../filter.pack &&
-
-	git -C r3 verify-pack -v ../filter.pack >verify_result &&
-	grep blob verify_result |
-	awk -f print_1.awk |
-	sort >observed &&
-
-	test_cmp expected observed
 '
 
-test_expect_success 'verify normal and sparse:path=pattern1 packfiles have same commits/trees' '
-	git -C r3 verify-pack -v ../all.pack >verify_result &&
-	grep -E "commit|tree" verify_result |
-	awk -f print_1.awk |
-	sort >expected &&
-
-	git -C r3 verify-pack -v ../filter.pack >verify_result &&
-	grep -E "commit|tree" verify_result |
-	awk -f print_1.awk |
-	sort >observed &&
-
-	test_cmp expected observed
-'
-
-test_expect_success 'verify sparse:path=pattern2' '
-	git -C r3 ls-files -s sparse1 dir1/sparse1 >ls_files_result &&
-	awk -f print_2.awk ls_files_result |
-	sort >expected &&
-
-	git -C r3 pack-objects --revs --stdout --filter=sparse:path=../pattern2 >filter.pack <<-EOF &&
+test_expect_success 'verify sparse:path=pattern2 fails' '
+	test_must_fail git -C r3 pack-objects --revs --stdout \
+		--filter=sparse:path=../pattern2 <<-EOF
 	HEAD
 	EOF
-	git -C r3 index-pack ../filter.pack &&
-
-	git -C r3 verify-pack -v ../filter.pack >verify_result &&
-	grep blob verify_result |
-	awk -f print_1.awk |
-	sort >observed &&
-
-	test_cmp expected observed
-'
-
-test_expect_success 'verify normal and sparse:path=pattern2 packfiles have same commits/trees' '
-	git -C r3 verify-pack -v ../all.pack >verify_result &&
-	grep -E "commit|tree" verify_result |
-	awk -f print_1.awk |
-	sort >expected &&
-
-	git -C r3 verify-pack -v ../filter.pack >verify_result &&
-	grep -E "commit|tree" verify_result |
-	awk -f print_1.awk |
-	sort >observed &&
-
-	test_cmp expected observed
 '
 
 # Test sparse:oid=<oid-ish> filter.
-# Like sparse:path, but we get the sparse-checkout specification from
-# a blob rather than a file on disk.
+# Use a blob containing a sparse-checkout specification to filter
+# out blobs not required for the corresponding sparse-checkout.  We do not
+# require sparse-checkout to actually be enabled.
 
 test_expect_success 'setup r4' '
 	git init r4 &&
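Review bot: the two replacement tests ('verify sparse:path=pattern1 fails' and 'verify sparse:path=pattern2 fails') assert only a non-zero exit through test_must_fail, so they pass for any failure of pack-objects, not specifically for the filter being rejected. If ../pattern1 or ../pattern2 went missing, or HEAD stopped resolving in r3, the tests would still be green while saying nothing about whether sparse:path is disabled. Consider redirecting stderr to a file and checking it for the rejection message, so a later change that re-enables the path read shows up as a test failure. It would also help to assert that no pack data is written to stdout on the failing path.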