search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
run-command(win32): resolve the path to the Unix shell early
[git.git] / t / t4139-apply-escape.sh
blobe5c7439df13389a3caa9f3f76f70e31fea96c90b
1 #!/bin/sh
2
3 test_description='paths written by git-apply cannot escape the working tree'
4
5 TEST_PASSES_SANITIZE_LEAK=true
6 . ./test-lib.sh
7
8 # tests will try to write to ../foo, and we do not
9 # want them to escape the trash directory when they
10 # fail
11 test_expect_success 'bump git repo one level down' '
12 mkdir inside &&
13 mv .git inside/ &&
14 cd inside
15 '
16
17 # $1 = name of file
18 # $2 = current path to file (if different)
19 mkpatch_add () {
20 rm -f "${2:-$1}" &&
21 cat <<-EOF
22 diff --git a/$1 b/$1
23 new file mode 100644
24 index 0000000..53c74cd
25 --- /dev/null
26 +++ b/$1
27 @@ -0,0 +1 @@
28 +evil
29 EOF
30 }
31
32 mkpatch_del () {
33 echo evil >"${2:-$1}" &&
34 cat <<-EOF
35 diff --git a/$1 b/$1
36 deleted file mode 100644
37 index 53c74cd..0000000
38 --- a/$1
39 +++ /dev/null
40 @@ -1 +0,0 @@
41 -evil
42 EOF
43 }
44
45 # $1 = name of file
46 # $2 = content of symlink
47 mkpatch_symlink () {
48 rm -f "$1" &&
49 cat <<-EOF
50 diff --git a/$1 b/$1
51 new file mode 120000
52 index 0000000..$(printf "%s" "$2" | git hash-object --stdin)
53 --- /dev/null
54 +++ b/$1
55 @@ -0,0 +1 @@
56 +$2
57 \ No newline at end of file
58 EOF
59 }
60
61 test_expect_success 'cannot create file containing ..' '
62 mkpatch_add ../foo >patch &&
63 test_must_fail git apply patch &&
64 test_path_is_missing ../foo
65 '
66
67 test_expect_success 'can create file containing .. with --unsafe-paths' '
68 mkpatch_add ../foo >patch &&
69 git apply --unsafe-paths patch &&
70 test_path_is_file ../foo
71 '
72
73 test_expect_success 'cannot create file containing .. (index)' '
74 mkpatch_add ../foo >patch &&
75 test_must_fail git apply --index patch &&
76 test_path_is_missing ../foo
77 '
78
79 test_expect_success 'cannot create file containing .. with --unsafe-paths (index)' '
80 mkpatch_add ../foo >patch &&
81 test_must_fail git apply --index --unsafe-paths patch &&
82 test_path_is_missing ../foo
83 '
84
85 test_expect_success 'cannot delete file containing ..' '
86 mkpatch_del ../foo >patch &&
87 test_must_fail git apply patch &&
88 test_path_is_file ../foo
89 '
90
91 test_expect_success 'can delete file containing .. with --unsafe-paths' '
92 mkpatch_del ../foo >patch &&
93 git apply --unsafe-paths patch &&
94 test_path_is_missing ../foo
95 '
96
97 test_expect_success 'cannot delete file containing .. (index)' '
98 mkpatch_del ../foo >patch &&
99 test_must_fail git apply --index patch &&
100 test_path_is_file ../foo
101 '
102
103 test_expect_success SYMLINKS 'symlink escape via ..' '
104 {
105 mkpatch_symlink tmp .. &&
106 mkpatch_add tmp/foo ../foo
107 } >patch &&
108 test_must_fail git apply patch &&
109 test_path_is_missing tmp &&
110 test_path_is_missing ../foo
111 '
112
113 test_expect_success SYMLINKS 'symlink escape via .. (index)' '
114 {
115 mkpatch_symlink tmp .. &&
116 mkpatch_add tmp/foo ../foo
117 } >patch &&
118 test_must_fail git apply --index patch &&
119 test_path_is_missing tmp &&
120 test_path_is_missing ../foo
121 '
122
123 test_expect_success SYMLINKS 'symlink escape via absolute path' '
124 {
125 mkpatch_symlink tmp "$(pwd)" &&
126 mkpatch_add tmp/foo ../foo
127 } >patch &&
128 test_must_fail git apply patch &&
129 test_path_is_missing tmp &&
130 test_path_is_missing ../foo
131 '
132
133 test_expect_success SYMLINKS 'symlink escape via absolute path (index)' '
134 {
135 mkpatch_symlink tmp "$(pwd)" &&
136 mkpatch_add tmp/foo ../foo
137 } >patch &&
138 test_must_fail git apply --index patch &&
139 test_path_is_missing tmp &&
140 test_path_is_missing ../foo
141 '
142
143 test_done
The Best VCS Around