From c11e9142d2a1b04004dcbed282dc1e04d116e03f Mon Sep 17 00:00:00 2001 From: Paul Cristian Sarbu Date: Tue, 13 Jun 2023 17:35:05 +0200 Subject: ReadTree: Add check for non-upwards symlinks... ...as early as possible. This ensures that callers always receive only the tree entries for the supported object types. For the symlinks non-upwardness check we pass a lambda capturing the real backend of the tree entries, such that the symlinks can be read. Updates git_tree tests accordingly. --- .../execution_api/remote/bazel/bazel_network.cpp | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'src/buildtool/execution_api/remote/bazel')
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_network.cpp b/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
index 159a848e..60ed22e1 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
@@ -42,9 +42,32 @@ namespace {
 auto blobs = network->ReadBlobs({digest}).Next();
 if (blobs.size() == 1) {
 auto const& content = blobs.at(0).data;
+ auto check_symlinks =
+ [&network](std::vector const& ids) {
+ auto size = ids.size();
+ auto reader = network->ReadBlobs(ids);
+ auto blobs = reader.Next();
+ std::size_t count{};
+ while (not blobs.empty()) {
+ if (count + blobs.size() > size) {
+ Logger::Log(LogLevel::Debug,
+ "received more blobs than requested.");
+ return false;
+ }
+ for (auto const& blob : blobs) {
+ if (not PathIsNonUpwards(blob.data)) {
+ return false;
+ }
+ }
+ count += blobs.size();
+ blobs = reader.Next();
+ }
+ return true;
+ };
 return GitRepo::ReadTreeData(
 content,
 HashFunction::ComputeTreeHash(content).Bytes(),
+ check_symlinks,
 /*is_hex_id=*/false);
 }
 Logger::Log(LogLevel::Error,
-- cgit v1.2.3
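Review bot: `check_symlinks` rejects a response with more blobs than requested but accepts one with fewer: if `reader.Next()` runs dry before `count` reaches `size`, the loop ends and the lambda returns `true` even though some symlink targets were never passed to `PathIsNonUpwards`. Unless `ReadBlobs` is guaranteed to deliver every requested id (not visible in this hunk), the check fails open for a remote that omits blobs; closing it would mean ending with `return count == size;`, or comparing against the number of distinct ids if `ids` can contain duplicates. The over-delivery case is logged only at `LogLevel::Debug` and the upwards-symlink rejection is not logged at all, so a rejected tree leaves little trace for whoever investigates it. The enclosing function begins and ends outside the hunk.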