From 95ca25ec7dc28fe5ae2e6c34da8737eb8d56b0e9 Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Mon, 18 Mar 2024 15:21:10 +0100 Subject: [PATCH] git: ensure file-looking git refs aren't parsed as URLs URLs that look like `./path/to/file` and `../path/to/file` definitely aren't git URLs - so we should bail out early. This was causing a weird issue where if you copied `./.git` this would be detected as a valid url parsing with `host = "."` and `path = "/git"`. The fix for this is to make sure that for these explicit file-like paths, we *never* parse them as url-refs. Also some tests to make sure this doesn't break again! Signed-off-by: Justin Chadwell --- util/gitutil/git_ref.go | 4 +++- util/gitutil/git_ref_test.go | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/util/gitutil/git_ref.go b/util/gitutil/git_ref.go index 6d058f2d5bdd..8a78bc16d7ed 100644 --- a/util/gitutil/git_ref.go +++ b/util/gitutil/git_ref.go @@ -57,7 +57,9 @@ func ParseGitRef(ref string) (*GitRef, error) { err error ) - if strings.HasPrefix(ref, "github.com/") { + if strings.HasPrefix(ref, "./") || strings.HasPrefix(ref, "../") { + return nil, errdefs.ErrInvalidArgument + } else if strings.HasPrefix(ref, "github.com/") { res.IndistinguishableFromLocal = true // Deprecated remote = fromURL(&url.URL{ Scheme: "https", diff --git a/util/gitutil/git_ref_test.go b/util/gitutil/git_ref_test.go index 2adc68b2d02b..39b80739bce9 100644 --- a/util/gitutil/git_ref_test.go +++ b/util/gitutil/git_ref_test.go @@ -133,12 +133,21 @@ func TestParseGitRef(t *testing.T) { SubDir: "myfolder", }, }, + { + ref: "./.git", + expected: nil, + }, + { + ref: ".git", + expected: nil, + }, } for _, tt := range cases { tt := tt t.Run(tt.ref, func(t *testing.T) { got, err := ParseGitRef(tt.ref) if tt.expected == nil { + require.Nil(t, got) require.Error(t, err) } else { require.NoError(t, err)