File tree 2 files changed +17
-0
lines changed
Filter options
2 files changed +17
-0
lines changed
Original file line number Diff line number Diff line change @@ -168,6 +168,8 @@ def _get_ref_info_helper(
168168 """Return: (str(sha), str(target_ref_path)) if available, the sha the file at
169169 rela_path points to, or None. target_ref_path is the reference we
170170 point to, or None"""
171+ if ".." in str (ref_path ):
172+ raise ValueError (f"Invalid reference '{ ref_path } )
171173 tokens : Union [None , List [str ], Tuple [str , str ]] = None
172174 repodir = _git_dir (repo , ref_path )
173175 try :
Original file line number Diff line number Diff line change 55# the BSD License: http://www.opensource.org/licenses/bsd-license.php
66
77from itertools import chain
8+ from pathlib import Path
89
910from git import (
1011 Reference ,
2021from git .objects .tag import TagObject
2122from test .lib import TestBase , with_rw_repo
2223from git .util import Actor
24+ from gitdb .exc import BadName
2325
2426import git .refs as refs
2527import os .path as osp
28+ import tempfile
2629
2730
2831class TestRefs (TestBase ):
@@ -616,3 +619,15 @@ def test_dereference_recursive(self):
616619
617620 def test_reflog (self ):
618621 assert isinstance (self .rorepo .heads .master .log (), RefLog )
622+
623+ def test_refs_outside_repo (self ):
624+ # Create a file containing a valid reference outside the repository. Attempting
625+ # to access it should raise an exception, due to it containing a parent directory
626+ # reference ('..'). This tests for CVE-2023-41040.
627+ git_dir = Path (self .rorepo .git_dir )
628+ repo_parent_dir = git_dir .parent .parent
629+ with tempfile .NamedTemporaryFile (dir = repo_parent_dir ) as ref_file :
630+ ref_file .write (b"91b464cd624fe22fbf54ea22b85a7e5cca507cfe" )
631+ ref_file .flush ()
632+ ref_file_name = Path (ref_file .name ).name
633+ self .assertRaises (BadName , self .rorepo .commit , f"../../{ ref_file_name } )
You can’t perform that action at this time.
0 commit comments