mirror of
https://github.com/git/git.git
synced 2025-01-16 20:43:33 +08:00
3a1f91cfd9
We taught rev-list a new way to separate options from revisions in
19e8789b23
(revision: allow --end-of-options to end option parsing,
2019-08-06), but rev-parse uses its own parser. It should know about
--end-of-options not only for consistency, but because it may be
presented with similarly ambiguous cases. E.g., if a caller does:
git rev-parse "$rev" -- "$path"
to parse an untrusted input, then it will get confused if $rev contains
an option-like string like "--local-env-vars". Or even "--not-real",
which we'd keep as an option to pass along to rev-list.
Or even more importantly:
git rev-parse --verify "$rev"
can be confused by options, even though its purpose is safely parsing
untrusted input. On the plus side, it will always fail the --verify
part, as it will not have parsed a revision, so the caller will
generally "fail closed" rather than continue to use the untrusted
string. But it will still trigger whatever option was in "$rev"; this
should be mostly harmless, since rev-parse options are all read-only,
but I didn't carefully audit all paths.
This patch lets callers write:
git rev-parse --end-of-options "$rev" -- "$path"
and:
git rev-parse --verify --end-of-options "$rev"
which will both treat "$rev" always as a revision parameter. The latter
is a bit clunky. It would be nicer if we had defined "--verify" to
require that its next argument be the revision. But we have not
historically done so, and:
git rev-parse --verify -q "$rev"
does currently work. I added a test here to confirm that we didn't break
that.
A few implementation notes:
- We don't document --end-of-options explicitly in commands, but rather
in gitcli(7). So I didn't give it its own section in git-rev-parse(1).
But I did call it out specifically in the --verify section, and
include it in the examples, which should show best practices.
- We don't have to re-indent the main option-parsing block, because we
can combine our "did we see end of options" check with "does it start
with a dash". The exception is the pre-setup options, which need
their own block.
- We do however have to pull the "--" parsing out of the "does it start
with dash" block, because we want to parse it even if we've seen
--end-of-options.
- We'll leave "--end-of-options" in the output. This is probably not
technically necessary, as a careful caller will do:
git rev-parse --end-of-options $revs -- $paths
and anything in $revs will be resolved to an object id. However, it
does help a slightly less careful caller like:
git rev-parse --end-of-options $revs_or_paths
where a path "--foo" will remain in the output as long as it also
exists on disk. In that case, it's helpful to retain --end-of-options
to get passed along to rev-list, s it would otherwise see just
"--foo".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
161 lines
5.2 KiB
Bash
Executable File
161 lines
5.2 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# Copyright (c) 2008 Christian Couder
|
|
#
|
|
test_description='test git rev-parse --verify'
|
|
|
|
exec </dev/null
|
|
|
|
. ./test-lib.sh
|
|
|
|
add_line_into_file()
|
|
{
|
|
_line=$1
|
|
_file=$2
|
|
|
|
if [ -f "$_file" ]; then
|
|
echo "$_line" >> $_file || return $?
|
|
MSG="Add <$_line> into <$_file>."
|
|
else
|
|
echo "$_line" > $_file || return $?
|
|
git add $_file || return $?
|
|
MSG="Create file <$_file> with <$_line> inside."
|
|
fi
|
|
|
|
test_tick
|
|
git commit --quiet -m "$MSG" $_file
|
|
}
|
|
|
|
HASH1=
|
|
HASH2=
|
|
HASH3=
|
|
HASH4=
|
|
|
|
test_expect_success 'set up basic repo with 1 file (hello) and 4 commits' '
|
|
add_line_into_file "1: Hello World" hello &&
|
|
HASH1=$(git rev-parse --verify HEAD) &&
|
|
add_line_into_file "2: A new day for git" hello &&
|
|
HASH2=$(git rev-parse --verify HEAD) &&
|
|
add_line_into_file "3: Another new day for git" hello &&
|
|
HASH3=$(git rev-parse --verify HEAD) &&
|
|
add_line_into_file "4: Ciao for now" hello &&
|
|
HASH4=$(git rev-parse --verify HEAD)
|
|
'
|
|
|
|
test_expect_success 'works with one good rev' '
|
|
rev_hash1=$(git rev-parse --verify $HASH1) &&
|
|
test "$rev_hash1" = "$HASH1" &&
|
|
rev_hash2=$(git rev-parse --verify $HASH2) &&
|
|
test "$rev_hash2" = "$HASH2" &&
|
|
rev_hash3=$(git rev-parse --verify $HASH3) &&
|
|
test "$rev_hash3" = "$HASH3" &&
|
|
rev_hash4=$(git rev-parse --verify $HASH4) &&
|
|
test "$rev_hash4" = "$HASH4" &&
|
|
rev_master=$(git rev-parse --verify master) &&
|
|
test "$rev_master" = "$HASH4" &&
|
|
rev_head=$(git rev-parse --verify HEAD) &&
|
|
test "$rev_head" = "$HASH4"
|
|
'
|
|
|
|
test_expect_success 'fails with any bad rev or many good revs' '
|
|
test_must_fail git rev-parse --verify 2>error &&
|
|
grep "single revision" error &&
|
|
test_must_fail git rev-parse --verify foo 2>error &&
|
|
grep "single revision" error &&
|
|
test_must_fail git rev-parse --verify HEAD bar 2>error &&
|
|
grep "single revision" error &&
|
|
test_must_fail git rev-parse --verify baz HEAD 2>error &&
|
|
grep "single revision" error &&
|
|
test_must_fail git rev-parse --verify $HASH2 HEAD 2>error &&
|
|
grep "single revision" error
|
|
'
|
|
|
|
test_expect_success 'fails silently when using -q' '
|
|
test_must_fail git rev-parse --verify --quiet 2>error &&
|
|
test_must_be_empty error &&
|
|
test_must_fail git rev-parse -q --verify foo 2>error &&
|
|
test_must_be_empty error &&
|
|
test_must_fail git rev-parse --verify -q HEAD bar 2>error &&
|
|
test_must_be_empty error &&
|
|
test_must_fail git rev-parse --quiet --verify baz HEAD 2>error &&
|
|
test_must_be_empty error &&
|
|
test_must_fail git rev-parse -q --verify $HASH2 HEAD 2>error &&
|
|
test_must_be_empty error
|
|
'
|
|
|
|
test_expect_success 'fails silently when using -q with deleted reflogs' '
|
|
ref=$(git rev-parse HEAD) &&
|
|
git update-ref --create-reflog -m "message for refs/test" refs/test "$ref" &&
|
|
git reflog delete --updateref --rewrite refs/test@{0} &&
|
|
test_must_fail git rev-parse -q --verify refs/test@{0} >error 2>&1 &&
|
|
test_must_be_empty error
|
|
'
|
|
|
|
test_expect_success 'fails silently when using -q with not enough reflogs' '
|
|
ref=$(git rev-parse HEAD) &&
|
|
git update-ref --create-reflog -m "message for refs/test2" refs/test2 "$ref" &&
|
|
test_must_fail git rev-parse -q --verify refs/test2@{999} >error 2>&1 &&
|
|
test_must_be_empty error
|
|
'
|
|
|
|
test_expect_success 'succeeds silently with -q and reflogs that do not go far back enough in time' '
|
|
ref=$(git rev-parse HEAD) &&
|
|
git update-ref --create-reflog -m "message for refs/test3" refs/test3 "$ref" &&
|
|
git rev-parse -q --verify refs/test3@{1.year.ago} >actual 2>error &&
|
|
test_must_be_empty error &&
|
|
echo "$ref" >expect &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success 'no stdout output on error' '
|
|
test -z "$(git rev-parse --verify)" &&
|
|
test -z "$(git rev-parse --verify foo)" &&
|
|
test -z "$(git rev-parse --verify baz HEAD)" &&
|
|
test -z "$(git rev-parse --verify HEAD bar)" &&
|
|
test -z "$(git rev-parse --verify $HASH2 HEAD)"
|
|
'
|
|
|
|
test_expect_success 'use --default' '
|
|
git rev-parse --verify --default master &&
|
|
git rev-parse --verify --default master HEAD &&
|
|
git rev-parse --default master --verify &&
|
|
git rev-parse --default master --verify HEAD &&
|
|
git rev-parse --verify HEAD --default master &&
|
|
test_must_fail git rev-parse --verify foo --default master &&
|
|
test_must_fail git rev-parse --default HEAD --verify bar &&
|
|
test_must_fail git rev-parse --verify --default HEAD baz &&
|
|
test_must_fail git rev-parse --default foo --verify &&
|
|
test_must_fail git rev-parse --verify --default bar
|
|
'
|
|
|
|
test_expect_success 'master@{n} for various n' '
|
|
N=$(git reflog | wc -l) &&
|
|
Nm1=$(($N-1)) &&
|
|
Np1=$(($N+1)) &&
|
|
git rev-parse --verify master@{0} &&
|
|
git rev-parse --verify master@{1} &&
|
|
git rev-parse --verify master@{$Nm1} &&
|
|
test_must_fail git rev-parse --verify master@{$N} &&
|
|
test_must_fail git rev-parse --verify master@{$Np1}
|
|
'
|
|
|
|
test_expect_success SYMLINKS 'ref resolution not confused by broken symlinks' '
|
|
ln -s does-not-exist .git/refs/heads/broken &&
|
|
test_must_fail git rev-parse --verify broken
|
|
'
|
|
|
|
test_expect_success 'options can appear after --verify' '
|
|
git rev-parse --verify HEAD >expect &&
|
|
git rev-parse --verify -q HEAD >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success 'verify respects --end-of-options' '
|
|
git update-ref refs/heads/-tricky HEAD &&
|
|
git rev-parse --verify HEAD >expect &&
|
|
git rev-parse --verify --end-of-options -tricky >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_done
|