Note that I tried an evil remote that lists ImportLocations with
../../../ in them and indeed this resulted in git blowing up and the
import failing, and not writing outside the repo.
This commit is contained in:
Joey Hess 2019-03-06 17:07:29 -04:00
parent 8e9713b769
commit dec30d2b14
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 17 additions and 7 deletions

View file

@ -231,6 +231,12 @@ remote, when it supports storing multiple versions of files. Since it
returns a history tree of lists of files, it can represent anything from a
linear history to a full branching version control history.
Note that listContents does not need to worry about generating an
ExportLocation that contains a ".." attack or an absolute path or other
such mischief. Since a git tree is built from the ExportLocations, and is
merged the same as a tree pulled from a regular git remote is,
git's usual safety measures avoid such attacks.
retrieveExportWithContentIdentifier is used when downloading a new file from
the remote that listContents found. retrieveExport can't be used because
it has a Key parameter and the key is not yet known in this case.