• Home
• org.openrewrite.tools
• jgit
• 1.2.0
• source code
• SubmoduleValidator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.openrewrite.jgit.internal.submodule.SubmoduleValidator Maven / Gradle / Ivy

/*
 * Copyright (C) 2018, Google LLC. and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
 * https://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
package org.openrewrite.jgit.internal.submodule;

import static org.openrewrite.jgit.lib.ConfigConstants.CONFIG_KEY_PATH;
import static org.openrewrite.jgit.lib.ConfigConstants.CONFIG_KEY_URL;
import static org.openrewrite.jgit.lib.ConfigConstants.CONFIG_SUBMODULE_SECTION;
import static org.openrewrite.jgit.lib.ObjectChecker.ErrorType.GITMODULES_NAME;
import static org.openrewrite.jgit.lib.ObjectChecker.ErrorType.GITMODULES_PARSE;
import static org.openrewrite.jgit.lib.ObjectChecker.ErrorType.GITMODULES_PATH;
import static org.openrewrite.jgit.lib.ObjectChecker.ErrorType.GITMODULES_URL;

import java.text.MessageFormat;

import org.openrewrite.jgit.errors.ConfigInvalidException;
import org.openrewrite.jgit.internal.JGitText;
import org.openrewrite.jgit.lib.Config;
import org.openrewrite.jgit.lib.ObjectChecker;

/**
 * Validations for the git submodule fields (name, path, uri).
 *
 * Invalid values in these fields can cause security problems as reported in
 * CVE-2018-11235 and CVE-2018-17456
 */
public class SubmoduleValidator {

	/**
	 * Error validating a git submodule declaration
	 */
	public static class SubmoduleValidationException extends Exception {

		private static final long serialVersionUID = 1L;

		private final ObjectChecker.ErrorType fsckMessageId;

		/**
		 * @param message
		 *            Description of the problem
		 * @param fsckMessageId
		 *            Error identifier, following the git fsck fsck.
		 *            format
		 */
		SubmoduleValidationException(String message,
				ObjectChecker.ErrorType fsckMessageId) {
			super(message);
			this.fsckMessageId = fsckMessageId;
		}


		/**
		 * @return the error identifier
		 */
		public ObjectChecker.ErrorType getFsckMessageId() {
			return fsckMessageId;
		}
	}

	/**
	 * Validate name for a submodule
	 *
	 * @param name
	 *            name of a submodule
	 * @throws SubmoduleValidationException
	 *             name doesn't seem valid (detail in message)
	 */
	public static void assertValidSubmoduleName(String name)
			throws SubmoduleValidationException {
		if (name.contains("/../") || name.contains("\\..\\") //$NON-NLS-1$ //$NON-NLS-2$
				|| name.startsWith("../") || name.startsWith("..\\") //$NON-NLS-1$ //$NON-NLS-2$
				|| name.endsWith("/..") || name.endsWith("\\..")) { //$NON-NLS-1$ //$NON-NLS-2$
			// Submodule names are used to store the submodule repositories
			// under $GIT_DIR/modules. Having ".." in submodule names makes a
			// vulnerability (CVE-2018-11235
			// https://bugs.eclipse.org/bugs/show_bug.cgi?id=535027#c0)
			// Reject names containing ".." path segments. We don't
			// automatically replace these characters or canonicalize by
			// regarding the name as a file path.
			// Since Path class is platform dependent, we manually check '/' and
			// '\\' patterns here.
			throw new SubmoduleValidationException(MessageFormat
					.format(JGitText.get().invalidNameContainsDotDot, name),
					GITMODULES_NAME);
		}

		if (name.startsWith("-")) { //$NON-NLS-1$
			throw new SubmoduleValidationException(
					MessageFormat.format(
							JGitText.get().submoduleNameInvalid, name),
					GITMODULES_NAME);
		}
	}

	/**
	 * Validate URI for a submodule
	 *
	 * @param uri
	 *            uri of a submodule
	 * @throws SubmoduleValidationException
	 *             uri doesn't seem valid
	 */
	public static void assertValidSubmoduleUri(String uri)
			throws SubmoduleValidationException {
		if (uri.startsWith("-")) { //$NON-NLS-1$
			throw new SubmoduleValidationException(
					MessageFormat.format(
							JGitText.get().submoduleUrlInvalid, uri),
					GITMODULES_URL);
		}
	}

	/**
	 * Validate path for a submodule
	 *
	 * @param path
	 *            path of a submodule
	 * @throws SubmoduleValidationException
	 *             path doesn't look right
	 */
	public static void assertValidSubmodulePath(String path)
			throws SubmoduleValidationException {
		if (path.startsWith("-")) { //$NON-NLS-1$
			throw new SubmoduleValidationException(
					MessageFormat.format(
							JGitText.get().submodulePathInvalid, path),
					GITMODULES_PATH);
		}
	}

	/**
	 * Validate a .gitmodules file
	 *
	 * @param gitModulesContents
	 *            Contents of a .gitmodule file. They will be parsed internally.
	 * @throws SubmoduleValidationException
	 *             if the contents don't look like a configuration file or field
	 *             values are not valid
	 */
	public static void assertValidGitModulesFile(String gitModulesContents)
			throws SubmoduleValidationException {
		Config c = new Config();
		try {
			c.fromText(gitModulesContents);
			for (String subsection :
					c.getSubsections(CONFIG_SUBMODULE_SECTION)) {
				assertValidSubmoduleName(subsection);

				String url = c.getString(
						CONFIG_SUBMODULE_SECTION, subsection, CONFIG_KEY_URL);
				if (url != null) {
					assertValidSubmoduleUri(url);
				}

				String path = c.getString(
						CONFIG_SUBMODULE_SECTION, subsection, CONFIG_KEY_PATH);
				if (path != null) {
					assertValidSubmodulePath(path);
				}
			}
		} catch (ConfigInvalidException e) {
			SubmoduleValidationException sve = new SubmoduleValidationException(
					JGitText.get().invalidGitModules, GITMODULES_PARSE);
			sve.initCause(e);
			throw sve;
		}
	}
}