Commit 29a5f94d authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

git-update: Catch long source URLs



Bail out early if the source array contains an entry with more than 8000
characters.
Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
parent 1492444e
......@@ -337,6 +337,9 @@ def main():
for field in extract_arch_fields(pkginfo, 'source'):
fname = field['value']
if len(fname) > 8000:
die_commit('source entry too long: {:s}'.format(fname),
str(commit.id))
if "://" in fname or "lp:" in fname:
continue
if fname not in commit.tree:
......
......@@ -370,6 +370,22 @@ test_expect_success 'Missing source file.' '
grep -q "^error: missing source file: file$" actual
'
test_expect_success 'Pushing .SRCINFO with too long source URL.' '
old=$(git -C aur.git rev-parse HEAD) &&
url="http://$(printf "%7993s" x | sed "s/ /x/g")/" &&
test_when_finished "git -C aur.git reset --hard $old" &&
(
cd aur.git &&
sed "s#.*depends.*#\\0\\nsource = $url#" .SRCINFO >.SRCINFO.new
mv .SRCINFO.new .SRCINFO
git commit -q -am "Add huge source URL"
) &&
new=$(git -C aur.git rev-parse HEAD) &&
AUR_USER=user AUR_PKGBASE=foobar AUR_PRIVILEGED=0 \
test_must_fail "$GIT_UPDATE" refs/heads/master "$old" "$new" >actual 2>&1 &&
grep -q "^error: source entry too long: $url\$" actual
'
test_expect_success 'Pushing a blacklisted package.' '
old=$(git -C aur.git rev-parse HEAD) &&
test_when_finished "git -C aur.git reset --hard $old" &&
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment