manifest: validate project name & path and include name attributes

These attribute values are used to construct local filesystem paths, so apply the existing filesystem checks to them. Bug: https://crbug.com/gerrit/14156 Change-Id: Ibcceecd60fa74f0eb97cd9ed1a9792e139534ed4 Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/298443 Reviewed-by: Michael Mortensen <mmortensen@google.com> Tested-by: Mike Frysinger <vapier@google.com>
author: Mike Frysinger <vapier@google.com> 2021-02-25 21:53:49 -0500
committer: Mike Frysinger <vapier@google.com> 2021-02-28 16:07:12 +0000
commit: a29424ea6d6f5a38ef9c25141c9f095161dbd3ff (patch)
tree: 0f8772476b727db41976ca70169de854cc67dbfd /manifest_xml.py
parent: a00c5f40e76fd520597013ae89823711212630b3 (diff)
download: git-repo-a29424ea6d6f5a38ef9c25141c9f095161dbd3ff.tar.gz
1 files changed, 14 insertions, 4 deletions
diff --git a/manifest_xml.py b/manifest_xml.py
index d05f4d0a..cd5954df 100644
--- a/manifest_xml.py
+++ b/manifest_xml.py
@@ -670,6 +670,10 @@ https://gerrit.googlesource.com/git-repo/+/HEAD/docs/manifest-format.md
    for node in manifest.childNodes:
      if node.nodeName == 'include':
        name = self._reqatt(node, 'name')
+        msg = self._CheckLocalPath(name)
+        if msg:
+          raise ManifestInvalidPathError(
+              '<include> invalid "name": %s: %s' % (name, msg))
        include_groups = ''
        if parent_groups:
          include_groups = parent_groups
@@ -979,6 +983,10 @@ https://gerrit.googlesource.com/git-repo/+/HEAD/docs/manifest-format.md
    reads a <project> element from the manifest file
    """
    name = self._reqatt(node, 'name')
+    msg = self._CheckLocalPath(name, dir_ok=True)
+    if msg:
+      raise ManifestInvalidPathError(
+          '<project> invalid "name": %s: %s' % (name, msg))
    if parent:
      name = self._JoinName(parent.name, name)
@@ -999,9 +1007,11 @@ https://gerrit.googlesource.com/git-repo/+/HEAD/docs/manifest-format.md
    path = node.getAttribute('path')
    if not path:
      path = name
-    if path.startswith('/'):
+    else:
-      raise ManifestParseError("project %s path cannot be absolute in %s" %
+      msg = self._CheckLocalPath(path, dir_ok=True)
-                               (name, self.manifestFile))
+      if msg:
+        raise ManifestInvalidPathError(
+            '<project> invalid "path": %s: %s' % (path, msg))
    rebase = XmlBool(node, 'rebase', True)
    sync_c = XmlBool(node, 'sync-c', False)
@@ -1124,7 +1134,7 @@ https://gerrit.googlesource.com/git-repo/+/HEAD/docs/manifest-format.md
  def _CheckLocalPath(path, dir_ok=False, cwd_dot_ok=False):
    """Verify |path| is reasonable for use in filesystem paths.
-    Used with <copyfile> & <linkfile> elements.
+    Used with <copyfile> & <linkfile> & <project> elements.
    This only validates the |path| in isolation: it does not check against the
    current filesystem state.  Thus it is suitable as a first-past in a parser.
author	Mike Frysinger <vapier@google.com>	2021-02-25 21:53:49 -0500
committer	Mike Frysinger <vapier@google.com>	2021-02-28 16:07:12 +0000
commit	a29424ea6d6f5a38ef9c25141c9f095161dbd3ff (patch)
tree	0f8772476b727db41976ca70169de854cc67dbfd /manifest_xml.py
parent	a00c5f40e76fd520597013ae89823711212630b3 (diff)
download	git-repo-a29424ea6d6f5a38ef9c25141c9f095161dbd3ff.tar.gz