[v2,4/4] submodule-config.c: strengthen URL fsck check

Message ID	b79b1a7178076be1d1a80212dfabd3c37587d443.1705542918.git.gitgitgadget@gmail.com (mailing list archive)
State	Accepted
Commit	8430b438f628f2f0df08622a550e750158167f28
Headers	show Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D892F2907 for <git@vger.kernel.org>; Thu, 18 Jan 2024 01:55:24 +0000 (UTC) Message-ID: <b79b1a7178076be1d1a80212dfabd3c37587d443.1705542918.git.gitgitgadget@gmail.com> In-Reply-To: <pull.1635.v2.git.1705542918.gitgitgadget@gmail.com> References: <pull.1635.git.1704822817.gitgitgadget@gmail.com> <pull.1635.v2.git.1705542918.gitgitgadget@gmail.com> Date: Thu, 18 Jan 2024 01:55:18 +0000 Subject: [PATCH v2 4/4] submodule-config.c: strengthen URL fsck check Fcc: Sent Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk MIME-Version: 1.0 To: git@vger.kernel.org Cc: Patrick Steinhardt <ps@pks.im>, Jeff King <peff@peff.net>, Victoria Dye <vdye@github.com>, Victoria Dye <vdye@github.com> From: Victoria Dye <vdye@github.com>
Series	Strengthen fsck checks for submodule URLs \| expand [v2,0/4] Strengthen fsck checks for submodule URLs [v2,1/4] submodule-config.h: move check_submodule_url [v2,2/4] test-submodule: remove command line handling for check-name [v2,3/4] t7450: test submodule urls [v2,4/4] submodule-config.c: strengthen URL fsck check

Message ID

b79b1a7178076be1d1a80212dfabd3c37587d443.1705542918.git.gitgitgadget@gmail.com (mailing list archive)

State

Accepted

Commit

8430b438f628f2f0df08622a550e750158167f28

Headers

Message-ID: 
 <b79b1a7178076be1d1a80212dfabd3c37587d443.1705542918.git.gitgitgadget@gmail.com>
In-Reply-To: <pull.1635.v2.git.1705542918.gitgitgadget@gmail.com>
References: <pull.1635.git.1704822817.gitgitgadget@gmail.com>
	<pull.1635.v2.git.1705542918.gitgitgadget@gmail.com>
Date: Thu, 18 Jan 2024 01:55:18 +0000
Subject: [PATCH v2 4/4] submodule-config.c: strengthen URL fsck check
Fcc: Sent
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
MIME-Version: 1.0
To: git@vger.kernel.org
Cc: Patrick Steinhardt <ps@pks.im>,
    Jeff King <peff@peff.net>,
    Victoria Dye <vdye@github.com>,
    Victoria Dye <vdye@github.com>
From: Victoria Dye <vdye@github.com>

Series

Strengthen fsck checks for submodule URLs | expand

Commit Message

Victoria Dye Jan. 18, 2024, 1:55 a.m. UTC

From: Victoria Dye <vdye@github.com>

Update the validation of "curl URL" submodule URLs (i.e. those that specify
an "http[s]" or "ftp[s]" protocol) in 'check_submodule_url()' to catch more
invalid URLs. The existing validation using 'credential_from_url_gently()'
parses certain URLs incorrectly, leading to invalid submodule URLs passing
'git fsck' checks. Conversely, 'url_normalize()' - used to validate remote
URLs in 'remote_get()' - correctly identifies the invalid URLs missed by
'credential_from_url_gently()'.

To catch more invalid cases, replace 'credential_from_url_gently()' with
'url_normalize()' followed by a 'url_decode()' and a check for newlines
(mirroring 'check_url_component()' in the 'credential_from_url_gently()'
validation).

Signed-off-by: Victoria Dye <vdye@github.com>
---
 submodule-config.c          | 16 +++++++++++-----
 t/t7450-bad-git-dotfiles.sh | 11 +----------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/submodule-config.c b/submodule-config.c
index 3b295e9f89c..54130f6a385 100644
--- a/submodule-config.c
+++ b/submodule-config.c
@@ -15,7 +15,7 @@ 
 #include "thread-utils.h"
 #include "tree-walk.h"
 #include "url.h"
-#include "credential.h"
+#include "urlmatch.h"
 
 /*
  * submodule cache lookup structure
@@ -350,12 +350,18 @@  int check_submodule_url(const char *url)
 	}
 
 	else if (url_to_curl_url(url, &curl_url)) {
-		struct credential c = CREDENTIAL_INIT;
 		int ret = 0;
-		if (credential_from_url_gently(&c, curl_url, 1) ||
-		    !*c.host)
+		char *normalized = url_normalize(curl_url, NULL);
+		if (normalized) {
+			char *decoded = url_decode(normalized);
+			if (strchr(decoded, '\n'))
+				ret = -1;
+			free(normalized);
+			free(decoded);
+		} else {
 			ret = -1;
-		credential_clear(&c);
+		}
+
 		return ret;
 	}
 
diff --git a/t/t7450-bad-git-dotfiles.sh b/t/t7450-bad-git-dotfiles.sh
index c73b1c92ecc..46d4fb0354b 100755
--- a/t/t7450-bad-git-dotfiles.sh
+++ b/t/t7450-bad-git-dotfiles.sh
@@ -63,6 +63,7 @@  test_expect_success 'check urls' '
 	./%0ahost=example.com/foo.git
 	https://one.example.com/evil?%0ahost=two.example.com
 	https:///example.com/foo.git
+	http://example.com:test/foo.git
 	https::example.com/foo.git
 	http:::example.com/foo.git
 	EOF
@@ -70,16 +71,6 @@  test_expect_success 'check urls' '
 	test_cmp expect actual
 '
 
-# NEEDSWORK: the URL checked here is not valid (and will not work as a remote if
-# a user attempts to clone it), but the fsck check passes.
-test_expect_failure 'url check misses invalid cases' '
-	test-tool submodule check-url >actual <<-\EOF &&
-	http://example.com:test/foo.git
-	EOF
-
-	test_must_be_empty actual
-'
-
 test_expect_success 'create innocent subrepo' '
 	git init innocent &&
 	git -C innocent commit --allow-empty -m foo

[v2,4/4] submodule-config.c: strengthen URL fsck check

Commit Message

Patch