author | Lukas Fleischer <lfleischer@archlinux.org> | 2016-10-11 08:22:03 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2016-10-11 08:36:40 +0200 |
commit | 29a5f94dab27cc64da6262b2f37bd856641ed292 (patch) | |
tree | 1d6a96cff746610a05e7eb75b723f81b14eeacc3 | |
parent | 1492444ecbe68e4498a6f7ae0258c39ebbd47138 (diff) | |
git-update: Catch long source URLs
Bail out early if the source array contains an entry with more than 8000
characters.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rwxr-xr-x | aurweb/git/update.py | 3 | ||||
-rwxr-xr-x | test/t1300-git-update.sh | 16 |
2 files changed, 19 insertions, 0 deletions
diff --git a/aurweb/git/update.py b/aurweb/git/update.py
index af2dfed8..3b84eb5d 100755
--- a/aurweb/git/update.py
+++ b/aurweb/git/update.py
@@ -337,6 +337,9 @@ def main():
 for field in extract_arch_fields(pkginfo, 'source'):
 fname = field['value']
+ if len(fname) > 8000:
+ die_commit('source entry too long: {:s}'.format(fname),
+ str(commit.id))
 if "://" in fname or "lp:" in fname:
 continue
 if fname not in commit.tree:
diff --git a/test/t1300-git-update.sh b/test/t1300-git-update.sh
index abab7ead..a65ca3a1 100755
--- a/test/t1300-git-update.sh
+++ b/test/t1300-git-update.sh
@@ -370,6 +370,22 @@ test_expect_success 'Missing source file.' '
 grep -q "^error: missing source file: file$" actual
 '
+test_expect_success 'Pushing .SRCINFO with too long source URL.' '
+ old=$(git -C aur.git rev-parse HEAD) &&
+ url="http://$(printf "%7993s" x | sed "s/ /x/g")/" &&
+ test_when_finished "git -C aur.git reset --hard $old" &&
+ (
+ cd aur.git &&
+ sed "s#.*depends.*#\\0\\nsource = $url#" .SRCINFO >.SRCINFO.new
+ mv .SRCINFO.new .SRCINFO
+ git commit -q -am "Add huge source URL"
+ ) &&
+ new=$(git -C aur.git rev-parse HEAD) &&
+ AUR_USER=user AUR_PKGBASE=foobar AUR_PRIVILEGED=0 \
+ test_must_fail "$GIT_UPDATE" refs/heads/master "$old" "$new" >actual 2>&1 &&
+ grep -q "^error: source entry too long: $url\$" actual
+'
+
 test_expect_success 'Pushing a blacklisted package.' '
 old=$(git -C aur.git rev-parse HEAD) &&
 test_when_finished "git -C aur.git reset --hard $old" && |
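Review bot: The new `die_commit` call in the `source` loop formats the whole rejected entry into the error text, so the hook's output grows with pusher-controlled input of any length. Reporting a bounded prefix, e.g. `die_commit('source entry too long: {:s}...'.format(fname[:80]), str(commit.id))`, keeps the message short; the `grep` in the accompanying test would then need to match the same prefix. The literal `8000` is also unexplained: it presumably mirrors a storage limit for source entries, so a named constant with a comment such as `# longest source entry accepted for storage` would document it once that is confirmed. `len()` counts characters rather than bytes, which matters if that limit is byte-based. `main()` starts and ends outside this hunk.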
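Review bot: Inside the subshell of the new test the `sed`, `mv` and `git commit` lines are not joined with `&&`, so a failing `sed` or `mv` is not caught at that step and only the exit status of `git commit` reaches the outer chain. Ending the first two with `&&` (`sed "..." .SRCINFO >.SRCINFO.new &&` and `mv .SRCINFO.new .SRCINFO &&`) makes a broken fixture fail the test where it breaks. The generated URL is 8001 characters (7 + 7993 + 1), so only the rejecting side of the boundary is exercised; a companion case with an entry of exactly 8000 characters that is expected to pass the length check would pin the `> 8000` comparison.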