recreate git config during update to prevent config alteration

dduzgun-security · dduzgun-security · commit 9906874a2391 · 2024-06-20T10:06:56.000-04:00
diff --git a/get_git.go b/get_git.go
@@ -125,7 +125,7 @@ func (g *GitGetter) Get(dst string, u *url.URL) error {
 		return err
 	}
 	if err == nil {
-		err = g.update(ctx, dst, sshKeyFile, ref, depth)
+		err = g.update(ctx, dst, sshKeyFile, u, ref, depth)
 	} else {
 		err = g.clone(ctx, dst, sshKeyFile, u, ref, depth)
 	}
@@ -228,21 +228,48 @@ func (g *GitGetter) clone(ctx context.Context, dst, sshKeyFile string, u *url.UR
 	return nil
 }
 
-func (g *GitGetter) update(ctx context.Context, dst, sshKeyFile, ref string, depth int) error {
-	// Determine if we're a branch. If we're NOT a branch, then we just
-	// switch to master prior to checking out
-	cmd := exec.CommandContext(ctx, "git", "show-ref", "-q", "--verify", "refs/heads/"+ref)
+func (g *GitGetter) update(ctx context.Context, dst, sshKeyFile string, u *url.URL, ref string, depth int) error {
+	// Remove all variations of .git directories
+	err := removeCaseInsensitiveGitDirectory(dst)
+	if err != nil {
+		return err
+	}
+
+	// Initialize the git repository
+	cmd := exec.CommandContext(ctx, "git", "init")
 	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
 
-	if getRunCommand(cmd) != nil {
-		// Not a branch, switch to default branch. This will also catch
-		// non-existent branches, in which case we want to switch to default
-		// and then checkout the proper branch later.
-		ref = findDefaultBranch(ctx, dst)
+	// Add the git remote
+	cmd = exec.CommandContext(ctx, "git", "remote", "add", "origin", "--", u.String())
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
 	}
 
-	// We have to be on a branch to pull
-	if err := g.checkout(ctx, dst, ref); err != nil {
+	// Fetch the remote ref
+	cmd = exec.CommandContext(ctx, "git", "fetch", "origin", "--", ref)
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
+
+	// Reset the branch to the fetched ref
+	cmd = exec.CommandContext(ctx, "git", "reset", "--hard", "FETCH_HEAD")
+	cmd.Dir = dst
+	err = getRunCommand(cmd)
+	if err != nil {
+		return err
+	}
+
+	// Checkout ref branch
+	err = g.checkout(ctx, dst, ref)
+	if err != nil {
 		return err
 	}
 
@@ -377,3 +404,20 @@ func checkGitVersion(ctx context.Context, min string) error {
 
 	return nil
 }
+
+// removeCaseInsensitiveGitDirectory removes all .git directory variations
+func removeCaseInsensitiveGitDirectory(dst string) error {
+	files, err := os.ReadDir(dst)
+	if err != nil {
+		return fmt.Errorf("Failed to read the destination directory %s during git update", dst)
+	}
+	for _, f := range files {
+		if strings.EqualFold(f.Name(), ".git") && f.IsDir() {
+			err := os.RemoveAll(filepath.Join(dst, f.Name()))
+			if err != nil {
+				return fmt.Errorf("Failed to remove the .git directory in the destination directory %s during git update", dst)
+			}
+		}
+	}
+	return nil
+}
diff --git a/get_git_test.go b/get_git_test.go
@@ -866,6 +866,123 @@ func TestGitGetter_BadRemoteUrl(t *testing.T) {
 	}
 }
 
+func TestGitGetter_BadGitConfig(t *testing.T) {
+	if !testHasGit {
+		t.Log("git not found, skipping")
+		t.Skip()
+	}
+
+	ctx := context.Background()
+	g := new(GitGetter)
+	dst := tempDir(t)
+
+	url, err := url.Parse("https://github.com/hashicorp/go-getter")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = os.Stat(dst)
+	if err != nil && !os.IsNotExist(err) {
+		t.Fatalf(err.Error())
+	}
+	if err == nil {
+		// Update the repository containing the bad git config.
+		// This should remove the bad git config file and initialize a new one.
+		err = g.update(ctx, dst, testGitToken, url, "main", 1)
+	} else {
+		// Clone a repository with a git config file
+		err = g.clone(ctx, dst, testGitToken, url, "main", 1)
+		if err != nil {
+			t.Fatalf(err.Error())
+		}
+
+		// Edit the git config file to simulate a bad git config
+		gitConfigPath := filepath.Join(dst, ".git", "config")
+		err = os.WriteFile(gitConfigPath, []byte("bad config"), 0600)
+		if err != nil {
+			t.Fatalf(err.Error())
+		}
+
+		// Update the repository containing the bad git config.
+		// This should remove the bad git config file and initialize a new one.
+		err = g.update(ctx, dst, testGitToken, url, "main", 1)
+	}
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	// Check if the .git/config file contains "bad config"
+	gitConfigPath := filepath.Join(dst, ".git", "config")
+	configBytes, err := os.ReadFile(gitConfigPath)
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	if strings.Contains(string(configBytes), "bad config") {
+		t.Fatalf("The .git/config file contains 'bad config'")
+	}
+}
+
+func TestGitGetter_BadGitDirName(t *testing.T) {
+	if !testHasGit {
+		t.Log("git not found, skipping")
+		t.Skip()
+	}
+
+	ctx := context.Background()
+	g := new(GitGetter)
+	dst := tempDir(t)
+
+	url, err := url.Parse("https://github.com/hashicorp/go-getter")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = os.Stat(dst)
+	if err != nil && !os.IsNotExist(err) {
+		t.Fatalf(err.Error())
+	}
+	if err == nil {
+		// Remove all variations of .git directories
+		err = removeCaseInsensitiveGitDirectory(dst)
+		if err != nil {
+			t.Fatalf(err.Error())
+		}
+	} else {
+		// Clone a repository with a git directory
+		err = g.clone(ctx, dst, testGitToken, url, "main", 1)
+		if err != nil {
+			t.Fatalf(err.Error())
+		}
+
+		// Rename the .git directory to .GIT
+		oldPath := filepath.Join(dst, ".git")
+		newPath := filepath.Join(dst, ".GIT")
+		err = os.Rename(oldPath, newPath)
+		if err != nil {
+			t.Fatalf(err.Error())
+		}
+
+		// Remove all variations of .git directories
+		err = removeCaseInsensitiveGitDirectory(dst)
+		if err != nil {
+			t.Fatalf(err.Error())
+		}
+	}
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	// Check if the .GIT directory exists
+	if _, err := os.Stat(filepath.Join(dst, ".GIT")); !os.IsNotExist(err) {
+		t.Fatalf(".GIT directory still exists")
+	}
+
+	// Check if the .git directory exists
+	if _, err := os.Stat(filepath.Join(dst, ".git")); !os.IsNotExist(err) {
+		t.Fatalf(".git directory still exists")
+	}
+}
+
 // gitRepo is a helper struct which controls a single temp git repo.
 type gitRepo struct {
 	t   *testing.T
