authorLukas Fleischer <lfleischer@archlinux.org>2016-10-11 08:22:03 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2016-10-11 08:36:40 +0200
commit29a5f94dab27cc64da6262b2f37bd856641ed292 (patch)
tree1d6a96cff746610a05e7eb75b723f81b14eeacc3
parent1492444ecbe68e4498a6f7ae0258c39ebbd47138 (diff)
downloadaur-29a5f94dab27cc64da6262b2f37bd856641ed292.tar.gz
aur-29a5f94dab27cc64da6262b2f37bd856641ed292.tar.xz
git-update: Catch long source URLs
Bail out early if the source array contains an entry with more than 8000 characters. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rwxr-xr-xaurweb/git/update.py3
-rwxr-xr-xtest/t1300-git-update.sh16
2 files changed, 19 insertions, 0 deletions
diff --git a/aurweb/git/update.py b/aurweb/git/update.py
index af2dfed8..3b84eb5d 100755
--- a/aurweb/git/update.py
+++ b/aurweb/git/update.py
@@ -337,6 +337,9 @@ def main():
for field in extract_arch_fields(pkginfo, 'source'):
fname = field['value']
+ if len(fname) > 8000:
+ die_commit('source entry too long: {:s}'.format(fname),
+ str(commit.id))
if "://" in fname or "lp:" in fname:
continue
if fname not in commit.tree:
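Review bot: The literal `8000` in the added `if len(fname) > 8000:` check is unexplained. It presumably mirrors a storage limit defined elsewhere (not visible in this hunk), so a named constant with a comment such as `# keep in sync with the maximum source length the database accepts` would keep the two from drifting apart. `len()` counts code points, so if that limit is measured in bytes a non-ASCII entry could still pass here and fail later; `len(fname.encode()) > 8000` would cover that case. The message passed to `die_commit` also echoes the whole oversized, pusher-controlled entry; printing a bounded prefix, e.g. `fname[:100]`, would keep hook output and any logs that capture it small, though the new test's grep would then need adjusting. The `for` loop in main() starts and continues outside the hunk.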
diff --git a/test/t1300-git-update.sh b/test/t1300-git-update.sh
index abab7ead..a65ca3a1 100755
--- a/test/t1300-git-update.sh
+++ b/test/t1300-git-update.sh
@@ -370,6 +370,22 @@ test_expect_success 'Missing source file.' '
grep -q "^error: missing source file: file$" actual
'
+test_expect_success 'Pushing .SRCINFO with too long source URL.' '
+ old=$(git -C aur.git rev-parse HEAD) &&
+ url="http://$(printf "%7993s" x | sed "s/ /x/g")/" &&
+ test_when_finished "git -C aur.git reset --hard $old" &&
+ (
+ cd aur.git &&
+ sed "s#.*depends.*#\\0\\nsource = $url#" .SRCINFO >.SRCINFO.new
+ mv .SRCINFO.new .SRCINFO
+ git commit -q -am "Add huge source URL"
+ ) &&
+ new=$(git -C aur.git rev-parse HEAD) &&
+ AUR_USER=user AUR_PKGBASE=foobar AUR_PRIVILEGED=0 \
+ test_must_fail "$GIT_UPDATE" refs/heads/master "$old" "$new" >actual 2>&1 &&
+ grep -q "^error: source entry too long: $url\$" actual
+'
+
test_expect_success 'Pushing a blacklisted package.' '
old=$(git -C aur.git rev-parse HEAD) &&
test_when_finished "git -C aur.git reset --hard $old" &&
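Review bot: Inside the subshell of the new test the `sed ... >.SRCINFO.new`, `mv .SRCINFO.new .SRCINFO` and `git commit -q -am ...` lines are not joined with `&&`, so a failing `sed` or `mv` is not noticed and the test can go on to exercise a commit that does not contain the long URL. Ending the first two of those lines with `&&` closes the chain. The constructed URL is 8001 characters, so only the rejecting side of the limit is covered; a companion case with exactly 8000 characters that expects the length check not to fire would pin the `>` comparison against an off-by-one regression.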