The current git-notes has no safety valves whatsoever, and will
happily edit notes in, e.g., refs/remotes/. This is dangerous, as
they will be overwritten during the next fetch of the remote they
belong to.
Since it is supposed to be a porcelain frontend for the notes feature,
simply forbid editing notes with GIT_NOTES_REF pointing anywhere but
refs/notes/*.
Signed-off-by: Thomas Rast <trast@xxxxxxxxxxxxxxx>
Acked-by: Johannes Schindelin <Johannes.Schindelin@xxxxxx>
---
Same as v1, except for s/plumbing/porcelain/ in the commit message.
git-notes.sh | 4 ++++
t/t3301-notes.sh | 8 ++++++++
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/git-notes.sh b/git-notes.sh
index 6859470..6ec33c9 100755
--- a/git-notes.sh
+++ b/git-notes.sh
@@ -16,6 +16,10 @@ die "Invalid commit: $@"
case "$ACTION" in
edit)
+ if [ "${GIT_NOTES_REF#refs/notes/}" = "$GIT_NOTES_REF" ]; then
+ die "Refusing to edit notes in $GIT_NOTES_REF (outside of refs/notes/)"
+ fi
+
MESSAGE="$GIT_DIR"/new-notes-$COMMIT
trap '
test -f "$MESSAGE" && rm "$MESSAGE"
diff --git a/t/t3301-notes.sh b/t/t3301-notes.sh
index 764fad5..f68d8ee 100755
--- a/t/t3301-notes.sh
+++ b/t/t3301-notes.sh
@@ -35,6 +35,14 @@ test_expect_success 'need valid notes ref' '
MSG=2 GIT_NOTES_REF=/ test_must_fail git notes show
'
+test_expect_success 'refusing to edit in refs/heads/' '
+ ! MSG=1 GIT_NOTES_REF=refs/heads/bogus git notes edit
+'
+
+test_expect_success 'refusing to edit in refs/remotes/' '
+ ! MSG=1 GIT_NOTES_REF=refs/remotes/bogus git notes edit
+'
+
# 1 indicates caught gracefully by die, 128 means git-show barked
test_expect_success 'handle empty notes gracefully' '
git notes show ; test 1 = $?
--
1.6.2.rc0.296.ge2122
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
