From f69c7ee3187eded54e83d2524fea423706380766 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Thu, 29 Apr 2021 23:15:31 -0400 Subject: manifest_xml: ban use of newlines in paths There should be no valid use of these anywhere, so just ban them to make things easier for people. Bug: https://crbug.com/gerrit/14156 Bug: https://crbug.com/gerrit/14200 Change-Id: I8d2cf988c510c98194c43a329a2b9bf313a3f0a8 Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/304662 Reviewed-by: Raman Tenneti Tested-by: Mike Frysinger --- manifest_xml.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'manifest_xml.py') diff --git a/manifest_xml.py b/manifest_xml.py index 0c2b45e5..64b7fb4e 100644 --- a/manifest_xml.py +++ b/manifest_xml.py @@ -1199,6 +1199,8 @@ https://gerrit.googlesource.com/git-repo/+/HEAD/docs/manifest-format.md if '~' in path: return '~ not allowed (due to 8.3 filenames on Windows filesystems)' + path_codepoints = set(path) + # Some filesystems (like Apple's HFS+) try to normalize Unicode codepoints # which means there are alternative names for ".git". Reject paths with # these in it as there shouldn't be any reasonable need for them here. @@ -1222,10 +1224,17 @@ https://gerrit.googlesource.com/git-repo/+/HEAD/docs/manifest-format.md u'\u206F', # NOMINAL DIGIT SHAPES u'\uFEFF', # ZERO WIDTH NO-BREAK SPACE } - if BAD_CODEPOINTS & set(path): + if BAD_CODEPOINTS & path_codepoints: # This message is more expansive than reality, but should be fine. return 'Unicode combining characters not allowed' + # Reject newlines as there shouldn't be any legitmate use for them, they'll + # be confusing to users, and they can easily break tools that expect to be + # able to iterate over newline delimited lists. This even applies to our + # own code like .repo/project.list. + if {'\r', '\n'} & path_codepoints: + return 'Newlines not allowed' + # Assume paths might be used on case-insensitive filesystems. path = path.lower() -- cgit v1.2.3-54-g00ecf