diff options
| author | Mike Frysinger <vapier@google.com> | 2021-03-01 21:38:08 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@google.com> | 2021-03-02 03:18:57 +0000 |
| commit | 541339720451b0a05dc7ebe83e17bafb89863c6f (patch) | |
| tree | 769d23948beab6523127880f013fc806de8eef87 /tests/test_manifest_xml.py | |
| parent | 13cb7f799dc61093ed69726093a5af8bf48c65d1 (diff) | |
| download | git-repo-541339720451b0a05dc7ebe83e17bafb89863c6f.tar.gz | |
manifest: relax include name rules for user-specified pathv2.13.1
Allow the user to specify relative or absolute or any other funky
path that they want when using `repo init` or `repo sync`. Our
goal is to restrict the paths in the remote manifest git repo we
cloned from the network, not protect the user from themselves.
Bug: https://crbug.com/gerrit/14156
Change-Id: I1ccfb2a6bd1dce2bd765e261bef0bbf0f8a9beb6
Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/298823
Reviewed-by: Jonathan Nieder <jrn@google.com>
Tested-by: Mike Frysinger <vapier@google.com>
Diffstat (limited to 'tests/test_manifest_xml.py')
| -rw-r--r-- | tests/test_manifest_xml.py | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/tests/test_manifest_xml.py b/tests/test_manifest_xml.py index f69e9cf8..6977b417 100644 --- a/tests/test_manifest_xml.py +++ b/tests/test_manifest_xml.py | |||
| @@ -298,8 +298,8 @@ class IncludeElementTests(ManifestParseTestCase): | |||
| 298 | # Check level2 proj group not removed. | 298 | # Check level2 proj group not removed. |
| 299 | self.assertIn('l2g1', proj.groups) | 299 | self.assertIn('l2g1', proj.groups) |
| 300 | 300 | ||
| 301 | def test_bad_name_checks(self): | 301 | def test_allow_bad_name_from_user(self): |
| 302 | """Check handling of bad name attribute.""" | 302 | """Check handling of bad name attribute from the user's input.""" |
| 303 | def parse(name): | 303 | def parse(name): |
| 304 | manifest = self.getXmlManifest(f""" | 304 | manifest = self.getXmlManifest(f""" |
| 305 | <manifest> | 305 | <manifest> |
| @@ -311,6 +311,34 @@ class IncludeElementTests(ManifestParseTestCase): | |||
| 311 | # Force the manifest to be parsed. | 311 | # Force the manifest to be parsed. |
| 312 | manifest.ToXml() | 312 | manifest.ToXml() |
| 313 | 313 | ||
| 314 | # Setup target of the include. | ||
| 315 | target = os.path.join(self.tempdir, 'target.xml') | ||
| 316 | with open(target, 'w') as fp: | ||
| 317 | fp.write('<manifest></manifest>') | ||
| 318 | |||
| 319 | # Include with absolute path. | ||
| 320 | parse(os.path.abspath(target)) | ||
| 321 | |||
| 322 | # Include with relative path. | ||
| 323 | parse(os.path.relpath(target, self.manifest_dir)) | ||
| 324 | |||
| 325 | def test_bad_name_checks(self): | ||
| 326 | """Check handling of bad name attribute.""" | ||
| 327 | def parse(name): | ||
| 328 | # Setup target of the include. | ||
| 329 | with open(os.path.join(self.manifest_dir, 'target.xml'), 'w') as fp: | ||
| 330 | fp.write(f'<manifest><include name="{name}"/></manifest>') | ||
| 331 | |||
| 332 | manifest = self.getXmlManifest(""" | ||
| 333 | <manifest> | ||
| 334 | <remote name="default-remote" fetch="http://localhost" /> | ||
| 335 | <default remote="default-remote" revision="refs/heads/main" /> | ||
| 336 | <include name="target.xml" /> | ||
| 337 | </manifest> | ||
| 338 | """) | ||
| 339 | # Force the manifest to be parsed. | ||
| 340 | manifest.ToXml() | ||
| 341 | |||
| 314 | # Handle empty name explicitly because a different codepath rejects it. | 342 | # Handle empty name explicitly because a different codepath rejects it. |
| 315 | with self.assertRaises(error.ManifestParseError): | 343 | with self.assertRaises(error.ManifestParseError): |
| 316 | parse('') | 344 | parse('') |