GitoxideLabs
diff --git a/‎gix-worktree-state/tests/fixtures/generated-archives/make_traverse_trees.tar.xz‎
11.9 KB b/‎gix-worktree-state/tests/fixtures/generated-archives/make_traverse_trees.tar.xz‎
11.9 KB
diff --git a/‎gix-worktree/tests/fixtures/make_traverse_trees.sh‎ renamed to ‎gix-worktree-state/tests/fixtures/make_traverse_trees.sh‎ b/‎gix-worktree/tests/fixtures/make_traverse_trees.sh‎ renamed to ‎gix-worktree-state/tests/fixtures/make_traverse_trees.sh‎
diff --git a/‎gix-worktree-state/tests/state/checkout.rs‎
Lines changed: 71 additions & 13 deletions b/‎gix-worktree-state/tests/state/checkout.rs‎
Lines changed: 71 additions & 13 deletions
diff --git a/‎gix-worktree/tests/fixtures/make_traverse_literal_separators.sh‎
Lines changed: 0 additions & 43 deletions b/‎gix-worktree/tests/fixtures/make_traverse_literal_separators.sh‎
Lines changed: 0 additions & 43 deletions
@@ -51,7 +51,7 @@ fn assure_is_empty(dir: impl AsRef<Path>) -> std::io::Result<()> {
 fn submodules_are_instantiated_as_directories() -> crate::Result {
     let mut opts = opts_from_probe();
     opts.overwrite_existing = false;
-    let (_source_tree, destination, _index, _outcome) = checkout_index_in_tmp_dir(opts.clone(), "make_mixed")?;
+    let (_source_tree, destination, _index, _outcome) = checkout_index_in_tmp_dir(opts.clone(), "make_mixed", None)?;
 
     for path in ["m1", "modules/m1"] {
         let sm = destination.path().join(path);
@@ -68,7 +68,7 @@ fn accidental_writes_through_symlinks_are_prevented_if_overwriting_is_forbidden(
     // without overwrite mode, everything is safe.
     opts.overwrite_existing = false;
     let (source_tree, destination, _index, outcome) =
-        checkout_index_in_tmp_dir(opts.clone(), "make_dangerous_symlink").unwrap();
+        checkout_index_in_tmp_dir(opts.clone(), "make_dangerous_symlink", None).unwrap();
 
     let source_files = dir_structure(&source_tree);
     let worktree_files = dir_structure(&destination);
@@ -109,7 +109,7 @@ fn writes_through_symlinks_are_prevented_even_if_overwriting_is_allowed() {
     // with overwrite mode
     opts.overwrite_existing = true;
     let (source_tree, destination, _index, outcome) =
-        checkout_index_in_tmp_dir(opts.clone(), "make_dangerous_symlink").unwrap();
+        checkout_index_in_tmp_dir(opts.clone(), "make_dangerous_symlink", None).unwrap();
 
     let source_files = dir_structure(&source_tree);
     let worktree_files = dir_structure(&destination);
@@ -144,8 +144,13 @@ fn delayed_driver_process() -> crate::Result {
     opts.filter_process_delay = gix_filter::driver::apply::Delay::Allow;
     opts.destination_is_initially_empty = false;
     setup_filter_pipeline(opts.filters.options_mut());
-    let (_source, destination, _index, outcome) =
-        checkout_index_in_tmp_dir_opts(opts, "make_mixed_without_submodules_and_symlinks", |_| true, |_| Ok(()))?;
+    let (_source, destination, _index, outcome) = checkout_index_in_tmp_dir_opts(
+        opts,
+        "make_mixed_without_submodules_and_symlinks",
+        None,
+        |_| true,
+        |_| Ok(()),
+    )?;
     assert_eq!(outcome.collisions.len(), 0);
     assert_eq!(outcome.errors.len(), 0);
     assert_eq!(outcome.files_updated, 5);
@@ -189,6 +194,7 @@ fn overwriting_files_and_lone_directories_works() -> crate::Result {
         let (source, destination, _index, outcome) = checkout_index_in_tmp_dir_opts(
             opts.clone(),
             "make_mixed",
+            None,
             |_| true,
             |d| {
                 let empty = d.join("empty");
@@ -254,7 +260,7 @@ fn symlinks_become_files_if_disabled() -> crate::Result {
     let mut opts = opts_from_probe();
     opts.fs.symlink = false;
     let (source_tree, destination, _index, outcome) =
-        checkout_index_in_tmp_dir(opts.clone(), "make_mixed_without_submodules")?;
+        checkout_index_in_tmp_dir(opts.clone(), "make_mixed_without_submodules", None)?;
 
     assert_equality(&source_tree, &destination, opts.fs.symlink)?;
     assert!(outcome.collisions.is_empty());
@@ -270,7 +276,7 @@ fn dangling_symlinks_can_be_created() -> crate::Result {
     }
 
     let (_source_tree, destination, _index, outcome) =
-        checkout_index_in_tmp_dir(opts.clone(), "make_dangling_symlink")?;
+        checkout_index_in_tmp_dir(opts.clone(), "make_dangling_symlink", None)?;
     let worktree_files = dir_structure(&destination);
     let worktree_files_stripped = stripped_prefix(&destination, &worktree_files);
 
@@ -291,7 +297,7 @@ fn allow_or_disallow_symlinks() -> crate::Result {
     for allowed in &[false, true] {
         opts.fs.symlink = *allowed;
         let (source_tree, destination, _index, outcome) =
-            checkout_index_in_tmp_dir(opts.clone(), "make_mixed_without_submodules")?;
+            checkout_index_in_tmp_dir(opts.clone(), "make_mixed_without_submodules", None)?;
 
         assert_equality(&source_tree, &destination, opts.fs.symlink)?;
         assert!(outcome.collisions.is_empty());
@@ -307,6 +313,7 @@ fn keep_going_collects_results() {
     let (_source_tree, destination, _index, outcome) = checkout_index_in_tmp_dir_opts(
         opts,
         "make_mixed_without_submodules",
+        None,
         |_id| {
             count
                 .fetch_update(Ordering::SeqCst, Ordering::SeqCst, |current| {
@@ -369,7 +376,7 @@ fn no_case_related_collisions_on_case_sensitive_filesystem() {
         return;
     }
     let (source_tree, destination, index, outcome) =
-        checkout_index_in_tmp_dir(opts.clone(), "make_ignorecase_collisions").unwrap();
+        checkout_index_in_tmp_dir(opts.clone(), "make_ignorecase_collisions", None).unwrap();
 
     assert!(outcome.collisions.is_empty());
     let num_files = assert_equality(&source_tree, &destination, opts.fs.symlink).unwrap();
@@ -384,6 +391,48 @@ fn no_case_related_collisions_on_case_sensitive_filesystem() {
     );
 }
 
+#[test]
+fn safety_checks_dotdot_trees() {
+    let mut opts = opts_from_probe();
+    let err =
+        checkout_index_in_tmp_dir(opts.clone(), "make_traverse_trees", Some("traverse_dotdot_trees")).unwrap_err();
+    let expected_err_msg = "Input path \"../outside\" contains relative or absolute components";
+    assert_eq!(err.source().expect("inner").to_string(), expected_err_msg);
+
+    opts.keep_going = true;
+    let (_source_tree, _destination, _index, outcome) =
+        checkout_index_in_tmp_dir(opts, "make_traverse_trees", Some("traverse_dotdot_trees"))
+            .expect("keep-going checks out as much as possible");
+    assert_eq!(outcome.errors.len(), 1, "one path could not be checked out");
+    assert_eq!(
+        outcome.errors[0].error.source().expect("inner").to_string(),
+        expected_err_msg
+    );
+}
+
+#[test]
+fn safety_checks_dotgit_trees() {
+    let opts = opts_from_probe();
+    let err =
+        checkout_index_in_tmp_dir(opts.clone(), "make_traverse_trees", Some("traverse_dotgit_trees")).unwrap_err();
+    assert_eq!(
+        err.source().expect("inner").to_string(),
+        "The .git name may never be used"
+    );
+}
+
+#[test]
+fn safety_checks_dotgit_ntfs_stream() {
+    let opts = opts_from_probe();
+    let err =
+        checkout_index_in_tmp_dir(opts.clone(), "make_traverse_trees", Some("traverse_dotgit_stream")).unwrap_err();
+    assert_eq!(
+        err.source().expect("inner").to_string(),
+        "The .git name may never be used",
+        "note how it is still discovered even though the path is `.git::$INDEX_ALLOCATION`"
+    );
+}
+
 #[test]
 fn collisions_are_detected_on_a_case_insensitive_filesystem_even_with_delayed_filters() {
     let mut opts = opts_from_probe();
@@ -394,7 +443,7 @@ fn collisions_are_detected_on_a_case_insensitive_filesystem_even_with_delayed_fi
     setup_filter_pipeline(opts.filters.options_mut());
     opts.filter_process_delay = gix_filter::driver::apply::Delay::Allow;
     let (source_tree, destination, _index, outcome) =
-        checkout_index_in_tmp_dir(opts, "make_ignorecase_collisions").unwrap();
+        checkout_index_in_tmp_dir(opts, "make_ignorecase_collisions", None).unwrap();
 
     let source_files = dir_structure(&source_tree);
     assert_eq!(
@@ -506,17 +555,26 @@ pub fn dir_structure<P: AsRef<std::path::Path>>(path: P) -> Vec<std::path::PathB
 fn checkout_index_in_tmp_dir(
     opts: gix_worktree_state::checkout::Options,
     name: &str,
+    subdir_name: Option<&str>,
 ) -> crate::Result<(PathBuf, TempDir, gix_index::File, gix_worktree_state::checkout::Outcome)> {
-    checkout_index_in_tmp_dir_opts(opts, name, |_d| true, |_| Ok(()))
+    checkout_index_in_tmp_dir_opts(opts, name, subdir_name, |_d| true, |_| Ok(()))
 }
 
 fn checkout_index_in_tmp_dir_opts(
     opts: gix_worktree_state::checkout::Options,
-    name: &str,
+    script_name: &str,
+    subdir_name: Option<&str>,
     allow_return_object: impl FnMut(&gix_hash::oid) -> bool + Send + Clone,
     prep_dest: impl Fn(&Path) -> std::io::Result<()>,
 ) -> crate::Result<(PathBuf, TempDir, gix_index::File, gix_worktree_state::checkout::Outcome)> {
-    let source_tree = fixture_path(name);
+    let source_tree = {
+        let root = fixture_path(script_name);
+        if let Some(name) = subdir_name {
+            root.join(name)
+        } else {
+            root
+        }
+    };
     let git_dir = source_tree.join(".git");
     let mut index = gix_index::File::at(git_dir.join("index"), gix_hash::Kind::Sha1, false, Default::default())?;
     let odb = gix_odb::at(git_dir.join("objects"))?.into_inner().into_arc()?;