Prevent directory traversal (along piecemeal way, with minor fix.)

See <f656edfe35651b54eec50d814e79d079f8eea7c4>. Sanitizes «...git» in addition to other sanitization. Adds unit and integration test.
snow-xf · Jun 17, 2020 · 249aabd · 249aabd
1 parent f656edf
commit 249aabd
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/IntegrationTests/relink-conflicting-not-checked-in-symlink.bats b/IntegrationTests/relink-conflicting-not-checked-in-symlink.bats
@@ -72,3 +72,24 @@ carthage-and-check-project-symlink() {
 	carthage-and-check-project-symlink update --no-build --no-use-binaries
 
 }
+
+@test "with conflicting not-checked-in symlink in «Carthage/Checkouts» of dependency pathologically named «...git», carthage «bootstrap, update, update» should — sanitizing throughout — unlink, then write symlink there" {
+
+	mv "${extracted_directory:?}/SourceRepos/TestFramework1" "${extracted_directory}/SourceRepos/...git"
+
+	rm Cartfile
+
+	cat > Cartfile <<-EOF
+		git "file://${extracted_directory}/SourceRepos/...git" "relink-conflicting-not-checked-in-syminks"
+	EOF
+
+	carthage bootstrap --no-build --no-use-binaries
+	check-symlink "$(project_directory)/Carthage/Checkouts/．．/Carthage/Checkouts/TestFramework2"
+	# carthage should have sanitized the former «TestFramework1» from «...git» to non–path-traversing «．．»…
+
+	carthage update --no-build --no-use-binaries
+	check-symlink "$(project_directory)/Carthage/Checkouts/．．/Carthage/Checkouts/TestFramework2"
+
+	carthage update --no-build --no-use-binaries
+	check-symlink "$(project_directory)/Carthage/Checkouts/．．/Carthage/Checkouts/TestFramework2"
+}
diff --git a/Source/CarthageKit/GitURL.swift b/Source/CarthageKit/GitURL.swift
@@ -52,8 +52,7 @@ public struct GitURL {
 			.split(omittingEmptySubsequences: true) { $0 == "/" }
 			.last
 			.map(String.init)
-
-		precondition(lastComponent != .some("")) /* because of `omittingEmptySubsequences` */
+			.map(strippingGitSuffix)
 
 		/// Potentially used to prevent backwards or noop directory traversal via «FULL STOP» characters…
 		/// …by deploying the «FULLWIDTH FULL STOP» character.
@@ -67,7 +66,7 @@ public struct GitURL {
 			return String(replacementForEntirelyCharactersOfFullStop)
 		}
 
-		return lastComponent.map(strippingGitSuffix)
+		return lastComponent
 	}
 
 	public init(_ urlString: String) {

diff --git a/Tests/CarthageKitTests/DependencySpec.swift b/Tests/CarthageKitTests/DependencySpec.swift
@@ -143,6 +143,12 @@ class DependencySpec: QuickSpec {
 						expect(dependency.name) == "\u{FF0E}\u{FF0E}"
 					}
 
+					it("should sanitize if the given URL string is (pathologically) «...git»") {
+						let dependency = Dependency.git(GitURL("...git"))
+
+						expect(dependency.name) == "\u{FF0E}\u{FF0E}"
+					}
+
 					it ("should be the directory name if the given URL string is (pathologically) prefixed by «../» with (pathologically) no URL scheme") {
 						let dependency = Dependency.git(GitURL("../myproject"))