Stefan Beller wrote: > submodule.<name>.update can be assigned an arbitrary command via setting > it to "!command". When this command is found in the regular config, Git > ought to just run that command instead of other update mechanisms. > > However if that command is just found in the .gitmodules file, it is > potentially untrusted, which is why we do not run it. Add a test > confirming the behavior. > > Suggested-by: Jonathan Nieder <jrnieder@xxxxxxxxx> > Signed-off-by: Stefan Beller <sbeller@xxxxxxxxxx> > --- > t/t7406-submodule-update.sh | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/t/t7406-submodule-update.sh b/t/t7406-submodule-update.sh > index 034914a14f..780af4e6f5 100755 > --- a/t/t7406-submodule-update.sh > +++ b/t/t7406-submodule-update.sh > @@ -406,6 +406,16 @@ test_expect_success 'submodule update - command in .git/config' ' > ) > ' > > +test_expect_success 'submodule update - command in .gitmodules is ignored' ' > + test_when_finished "git -C super reset --hard HEAD^" && > + > + git -C super config -f .gitmodules submodule.submodule.update "!false || echo >bad" && What does the '!false || echo >bad' do? Ideally we want this test to be super robust: e.g. if it runs the command but from a different directory, we still want the test to fail, and if it runs the command but using exec instead of a shell, we still want the test to fail. Maybe write_script would help with this. E.g. would something like test_when_finished ... && write_script must_not_run.sh <<-EOF && >$TEST_DIRECTORY/bad EOF git -C super config -f .gitmodules submodule.submodule.update \ "!$TEST_DIRECTORY/must_not_run.sh" && ... work? Thanks, Jonathan
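Review bot: In the added `git -C super config -f .gitmodules submodule.submodule.update "!false || echo >bad"` line, the marker `bad` is a relative path and the command relies on shell syntax (`||` and `>`), so a later check for `bad` in one directory can miss a run that happened from a different working directory or without a shell. Point the setting at an executable script given by absolute path that creates a marker at an absolute path, and assert after the update that the marker does not exist. Separately, `test_when_finished "git -C super reset --hard HEAD^"` is registered on the first line of the test, before any commit appears in the quoted lines; if the test fails before that commit is made, the cleanup rewinds an unrelated commit in `super`, so register it directly after the commit it is meant to undo.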