external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

git-serve: check update hook permissions

Browse source 
Verify that the update hook exists and is executable before running Git
to prevent from broken repositories when permissions are broken.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2019-11-23 11:13:36 -05:00
parent 86e4cd0731
commit 771ced3236
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
aurweb/exceptions.py
View file

@ -16,6 +16,12 @@ class PermissionDeniedException(AurwebException):
super(PermissionDeniedException, self).__init__(msg) super(PermissionDeniedException, self).__init__(msg)
class BrokenUpdateHookException(AurwebException):
def __init__(self, cmd):
msg = 'broken update hook: {:s}'.format(cmd)
super(BrokenUpdateHookException, self).__init__(msg)
class InvalidUserException(AurwebException): class InvalidUserException(AurwebException):
def __init__(self, user): def __init__(self, user):
msg = 'unknown user: {:s}'.format(user) msg = 'unknown user: {:s}'.format(user)

3
aurweb/git/serve.py
View file

@ -496,6 +496,9 @@ def serve(action, cmdargv, user, privileged, remote_addr):
if not privileged and not pkgbase_has_write_access(pkgbase, user): if not privileged and not pkgbase_has_write_access(pkgbase, user):
raise aurweb.exceptions.PermissionDeniedException(user) raise aurweb.exceptions.PermissionDeniedException(user)
if not os.access(git_update_cmd, os.R_OK | os.X_OK):
raise aurweb.exceptions.BrokenUpdateHookException(git_update_cmd)
os.environ["AUR_USER"] = user os.environ["AUR_USER"] = user
os.environ["AUR_PKGBASE"] = pkgbase os.environ["AUR_PKGBASE"] = pkgbase
os.environ["GIT_NAMESPACE"] = pkgbase os.environ["GIT_NAMESPACE"] = pkgbase