The current git-notes has no safety valves whatsoever, and will happily edit notes in, e.g., refs/remotes/. This is dangerous, as they will be overwritten during the next fetch of the remote they belong to. Since it is supposed to be a plumbing frontend for the notes feature, simply forbid editing notes with GIT_NOTES_REF pointing anywhere but refs/notes/*. Signed-off-by: Thomas Rast <trast@xxxxxxxxxxxxxxx> --- This is the only patch of substance in this series :-) I'm not sure if anyone uses a notes ref outside of refs/notes/ yet, so this may actually break some people's setups already. But now that we (at least me :-) offer notes for download in public repos, I can see people accidentally edit a remote notes ref. git-notes.sh | 4 ++++ t/t3301-notes.sh | 8 ++++++++ 2 files changed, 12 insertions(+), 0 deletions(-) diff --git a/git-notes.sh b/git-notes.sh index 6859470..6ec33c9 100755 --- a/git-notes.sh +++ b/git-notes.sh @@ -16,6 +16,10 @@ die "Invalid commit: $@" case "$ACTION" in edit) + if [ "${GIT_NOTES_REF#refs/notes/}" = "$GIT_NOTES_REF" ]; then + die "Refusing to edit notes in $GIT_NOTES_REF (outside of refs/notes/)" + fi + MESSAGE="$GIT_DIR"/new-notes-$COMMIT trap ' test -f "$MESSAGE" && rm "$MESSAGE" diff --git a/t/t3301-notes.sh b/t/t3301-notes.sh index b99271e..1503e79 100755 --- a/t/t3301-notes.sh +++ b/t/t3301-notes.sh 
@@ -35,6 +35,14 @@ test_expect_success 'need valid notes ref' ' ! GIT_NOTES_REF=/ git notes show ' +test_expect_success 'refusing to edit in refs/heads/' ' + ! MSG=1 GIT_NOTES_REF=refs/heads/bogus git notes edit +' + +test_expect_success 'refusing to edit in refs/remotes/' ' + ! MSG=1 GIT_NOTES_REF=refs/remotes/bogus git notes edit +' + # 1 indicates caught gracefully by die, 128 means git-show barked test_expect_success 'handle empty notes gracefully' ' git notes show ; test 1 = $? -- 1.6.2.rc0.288.g6852b
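Review bot: In the `edit)` branch of git-notes.sh the guard is a pure prefix strip, so a value of exactly `refs/notes/` (nothing after the slash) passes: `${GIT_NOTES_REF#refs/notes/}` then yields an empty string, which differs from the original value, and the `die` is skipped. A `case "$GIT_NOTES_REF" in refs/notes/?*) ;; *) die ... ;; esac` would require a non-empty name under the prefix and matches the refs/notes/* wording of the commit message more closely. The hunk also does not show whether GIT_NOTES_REF has a default by this point; if it can be empty here, the message "Refusing to edit notes in  (outside of refs/notes/)" will be confusing, so naming the variable in the error text would help.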
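Review bot: Both new tests in t/t3301-notes.sh assert only `! MSG=1 GIT_NOTES_REF=... git notes edit`, which passes on any non-zero exit, including a failure that has nothing to do with the new guard; the context comment directly below already distinguishes exit 1 (caught by die) from 128. Checking the exit status explicitly, or grepping stderr for "Refusing to edit", would tie the tests to this check. There is also no positive case: a test that edits with a non-default ref under refs/notes/ (for example GIT_NOTES_REF=refs/notes/other, a constructed name) would show the guard does not reject legitimate refs.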