diff options
| author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-05-02 15:32:05 +0300 |
|---|---|---|
| committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-05-02 15:40:35 +0300 |
| commit | e134a10baea70bbf661a7ba4d9d3857809f87564 (patch) | |
| tree | 1da536b694021e1d7b939fc2c10373a9042d188f /_support | |
| parent | cc8901bc9389a9f85267fe820acc3777494ea337 (diff) | |
gittest: Do not run commands in seed Git repositories directly
While we already ensure that no seed test Git repositories are being
written into by running tests under a different user in our CI, we don't
check whether the repositories are used to spawn any read-only commands.
And this has in fact been fine until now: permissions were such that
this always worked.
This has changed with CVE-2022-24765 though: Git has started to operate
in repositories completely in case it is owned by a different user. As a
consequence, this breaks our testing infrastructure whenever a test is
trying to run a command in the test seed repositories directly given
that they're owned by `root`, and we ourselves run with UID 9999 in our
CI.
Luckily, commands like git-upload-pack(1) still work, which means that
we're still able to clone such repositories. And there are only very few
tests which don't first use e.g. `gittest.CloneRepository()` before
actually run commands directly in there, too, because we don't expose a
simple way to obtain the path of those seed repositories outside of the
`gittest` package. The only offenders are `gittest.ChecksumTestRepo()`
and `gittest.BundleTestRepo()`.
Refactor those two helper functions to instead operate on a cloned
repository instead of running commands in the seed repositories
directly. This fixes compatibility with all Git versions which include a
fix for above CVE.
Diffstat (limited to '_support')
0 files changed, 0 insertions, 0 deletions