File _service:tar_scm:backport-CVE-2024-32004-t0411-... of Package git

File _service:tar_scm:backport-CVE-2024-32004-t0411-add-tests-for-cloning-from-partial-repo.patch of Package git

From 5c5a4a1c05932378d259b1fdd9526cab971656a2 Mon Sep 17 00:00:00 2001
From: Filip Hejsek <filip.hejsek@gmail.com>
Date: Sun, 28 Jan 2024 04:29:33 +0100
Subject: [PATCH] t0411: add tests for cloning from partial repo

Cloning from a partial repository must not fetch missing objects into
the partial repository, because that can lead to arbitrary code
execution.

Add a couple of test cases, pretending to the `upload-pack` command (and
to that command only) that it is working on a repository owned by
someone else.

Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Filip Hejsek <filip.hejsek@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 t/t0411-clone-from-partial.sh | 60 +++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100755 t/t0411-clone-from-partial.sh

diff --git a/t/t0411-clone-from-partial.sh b/t/t0411-clone-from-partial.sh
new file mode 100755
index 000000000..fb72a0a9f
--- /dev/null
+++ b/t/t0411-clone-from-partial.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+test_description='check that local clone does not fetch from promisor remotes'
+
+. ./test-lib.sh
+
+test_expect_success 'create evil repo' '
+	git init tmp &&
+	test_commit -C tmp a &&
+	git -C tmp config uploadpack.allowfilter 1 &&
+	git clone --filter=blob:none --no-local --no-checkout tmp evil &&
+	rm -rf tmp &&
+
+	git -C evil config remote.origin.uploadpack \"\$TRASH_DIRECTORY/fake-upload-pack\" &&
+	write_script fake-upload-pack <<-\EOF &&
+		echo >&2 "fake-upload-pack running"
+		>"$TRASH_DIRECTORY/script-executed"
+		exit 1
+	EOF
+	export TRASH_DIRECTORY &&
+
+	# empty shallow file disables local clone optimization
+	>evil/.git/shallow
+'
+
+test_expect_failure 'local clone must not fetch from promisor remote and execute script' '
+	rm -f script-executed &&
+	test_must_fail git clone \
+		--upload-pack="GIT_TEST_ASSUME_DIFFERENT_OWNER=true git-upload-pack" \
+		evil clone1 2>err &&
+	! grep "fake-upload-pack running" err &&
+	test_path_is_missing script-executed
+'
+
+test_expect_failure 'clone from file://... must not fetch from promisor remote and execute script' '
+	rm -f script-executed &&
+	test_must_fail git clone \
+		--upload-pack="GIT_TEST_ASSUME_DIFFERENT_OWNER=true git-upload-pack" \
+		"file://$(pwd)/evil" clone2 2>err &&
+	! grep "fake-upload-pack running" err &&
+	test_path_is_missing script-executed
+'
+
+test_expect_failure 'fetch from file://... must not fetch from promisor remote and execute script' '
+	rm -f script-executed &&
+	test_must_fail git fetch \
+		--upload-pack="GIT_TEST_ASSUME_DIFFERENT_OWNER=true git-upload-pack" \
+		"file://$(pwd)/evil" 2>err &&
+	! grep "fake-upload-pack running" err &&
+	test_path_is_missing script-executed
+'
+
+test_expect_success 'pack-objects should fetch from promisor remote and execute script' '
+	rm -f script-executed &&
+	echo "HEAD" | test_must_fail git -C evil pack-objects --revs --stdout >/dev/null 2>err &&
+	grep "fake-upload-pack running" err &&
+	test_path_is_file script-executed
+'
+
+test_done
-- 
2.33.0