android/git-repo
1
Fork 0
mirror of https://gerrit.googlesource.com/git-repo synced 2025-07-09 08:29:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

manifest_xml: ban use of newlines in paths

Browse Source 
There should be no valid use of these anywhere, so just ban them
to make things easier for people.

Bug: https://crbug.com/gerrit/14156
Bug: https://crbug.com/gerrit/14200
Change-Id: I8d2cf988c510c98194c43a329a2b9bf313a3f0a8
Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/304662
Reviewed-by: Raman Tenneti <rtenneti@google.com>
Tested-by: Mike Frysinger <vapier@google.com>
This commit is contained in:
Mike Frysinger
2021-04-29 23:15:31 -04:00
parent aabf79d3f0
commit f69c7ee318
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/test_manifest_xml.py
View File

@ -52,6 +52,9 @@ INVALID_FS_PATHS = (
'blah/foo~',
# Block Unicode characters that get normalized out by filesystems.
u'foo\u200Cbar',
# Block newlines.
'f\n/bar',
'f\r/bar',
)
# Make sure platforms that use path separators (e.g. Windows) are also
@ -91,6 +94,11 @@ class ManifestParseTestCase(unittest.TestCase):
fp.write(data)
return manifest_xml.XmlManifest(self.repodir, self.manifest_file)
@staticmethod
def encodeXmlAttr(attr):
"""Encode |attr| using XML escape rules."""
return attr.replace('\r', '&#x000d;').replace('\n', '&#x000a;')
class ManifestValidateFilePaths(unittest.TestCase):
"""Check _ValidateFilePaths helper.
@ -303,6 +311,7 @@ class IncludeElementTests(ManifestParseTestCase):
def test_allow_bad_name_from_user(self):
"""Check handling of bad name attribute from the user's input."""
def parse(name):
name = self.encodeXmlAttr(name)
manifest = self.getXmlManifest(f"""
<manifest>
<remote name="default-remote" fetch="http://localhost" />
@ -327,6 +336,7 @@ class IncludeElementTests(ManifestParseTestCase):
def test_bad_name_checks(self):
"""Check handling of bad name attribute."""
def parse(name):
name = self.encodeXmlAttr(name)
# Setup target of the include.
with open(os.path.join(self.manifest_dir, 'target.xml'), 'w') as fp:
fp.write(f'<manifest><include name="{name}"/></manifest>')
@ -408,6 +418,8 @@ class ProjectElementTests(ManifestParseTestCase):
def test_trailing_slash(self):
"""Check handling of trailing slashes in attributes."""
def parse(name, path):
name = self.encodeXmlAttr(name)
path = self.encodeXmlAttr(path)
return self.getXmlManifest(f"""
<manifest>
<remote name="default-remote" fetch="http://localhost" />
@ -437,6 +449,8 @@ class ProjectElementTests(ManifestParseTestCase):
def test_toplevel_path(self):
"""Check handling of path=. specially."""
def parse(name, path):
name = self.encodeXmlAttr(name)
path = self.encodeXmlAttr(path)
return self.getXmlManifest(f"""
<manifest>
<remote name="default-remote" fetch="http://localhost" />
@ -453,6 +467,8 @@ class ProjectElementTests(ManifestParseTestCase):
def test_bad_path_name_checks(self):
"""Check handling of bad path & name attributes."""
def parse(name, path):
name = self.encodeXmlAttr(name)
path = self.encodeXmlAttr(path)
manifest = self.getXmlManifest(f"""
<manifest>
<remote name="default-remote" fetch="http://localhost" />