gitlab-grack 2.0.0.rc2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f620ff134c43ad395371b842da7bbeb812cf0434
-  data.tar.gz: edb62816e986e9eb510d66d077bba78514c575f4
+  metadata.gz: fdf3609511e6c0a489c572a4add4f89af65bae4b
+  data.tar.gz: 8ad35782833f609c0dba191250746d5a2dfd20bc
 SHA512:
-  metadata.gz: 662499bdfca3cb601ed8b64c14bde3160087f108e57062452610f47b1e34e873d4cb81131cc23be990e42ac2101f879015d06ee231fc87ace57b8eb8bf700505
-  data.tar.gz: 49a2126c89906af736b3bb4d4f3243dd8efa5656405ca0010f36f5a597ce5be4759d5bfa5166984a81d985f88e96648637e6299e325d9a68b069f8ea22bfd5a9
+  metadata.gz: 4f506cdcc801556af8b5ab796d8ebf46585ef4025805307bc2cef094a653c5a3a2b3efa941bf61f48593def2696b99ba31c4a026e0195309d63e1ede3d70f0e9
+  data.tar.gz: 0c5bb7dd97d1d5f07e57d3642a0f27b3bdc3d65b00586780d0e23a435e16f2ff5fd2f2185b563070ad77cd0ff15e695471466498dc7868af04ba4416e4ebfbd1

data/.gitignore

@@ -1,3 +1,4 @@
 coverage/
+examples/*.git
 pkg/
 *.gem

data/CHANGELOG

@@ -1,2 +1,10 @@
+2.0.0
+  - Use safer shell commands and avoid Dir.chdir
+  - Restrict the environment for shell commands
+  - Make Grack::Server thread-safe (zimbatm)
+  - Make sure child processes get reaped after popen
+  - Verify requested path is actually a Git directory (Ryan Canty)
+
+
 1.1.0
   - Modifies service_rpc to use chunked transfer (https://github.com/gitlabhq/grack/pull/1)

data/Gemfile

@@ -4,5 +4,6 @@ gemspec
 
 group :development do
   gem 'rake'
+  gem 'pry'
   gem 'rack-test'
 end

data/Gemfile.lock

@@ -1,19 +1,26 @@
 PATH
   remote: .
   specs:
-    gitlab-grack (2.0.0.pre)
+    gitlab-grack (2.0.0.rc2)
       rack (~> 1.5.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    coderay (1.1.0)
     metaclass (0.0.1)
+    method_source (0.8.2)
     mocha (0.14.0)
       metaclass (~> 0.0.1)
+    pry (0.10.1)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
     rack (1.5.2)
     rack-test (0.6.2)
       rack (>= 1.0)
     rake (10.1.0)
+    slop (3.6.0)
 
 PLATFORMS
   ruby
@@ -21,5 +28,6 @@ PLATFORMS
 DEPENDENCIES
   gitlab-grack!
   mocha (~> 0.11)
+  pry
   rack-test
   rake

data/Rakefile

@@ -19,7 +19,7 @@ end
 namespace :grack do
   desc "Start Grack"
   task :start do
-    system "rackup config.ru -p 8080"
+    system('./bin/testserver')
   end
 end
 

data/bin/console

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+set -e
+
+cd $(dirname "$0")/..
+exec /usr/bin/env bundle exec pry -Ilib -r grack

data/bin/testserver

@@ -0,0 +1,14 @@
+#! /usr/bin/env ruby
+libdir = File.absolute_path( File.join( File.dirname(__FILE__), '../lib' ) )
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require 'grack'
+require 'rack'
+root = File.absolute_path( File.join( File.dirname(__FILE__), '../examples' ) )
+app = Grack::Server.new({
+	project_root: root,
+	upload_pack: true,
+	receive_pack:true
+})
+
+Rack::Server.start app: app, Port: 3001

data/lib/grack/git.rb

@@ -0,0 +1,69 @@
+module Grack
+  class Git
+    attr_reader :repo
+
+    def initialize(git_path, repo_path)
+      @git_path = git_path
+      @repo = repo_path
+    end
+
+    def update_server_info
+      execute(%W(update-server-info))
+    end
+
+    def command(cmd)
+      [@git_path || 'git'] + cmd
+    end
+
+    def capture(cmd)
+      IO.popen(popen_env, cmd, popen_options).read
+    end
+
+    def execute(cmd)
+      cmd = command(cmd)
+      if block_given?
+        IO.popen(popen_env, cmd, File::RDWR, popen_options) do |pipe|
+          yield(pipe)
+        end
+      else
+        capture(cmd).chomp
+      end
+    end
+
+    def popen_options
+      { chdir: repo, unsetenv_others: true }
+    end
+
+    def popen_env
+      { 'PATH' => ENV['PATH'], 'GL_ID' => ENV['GL_ID'] }
+    end
+
+    def config_setting(service_name)
+      service_name = service_name.gsub('-', '')
+      setting = config("http.#{service_name}")
+
+      if service_name == 'uploadpack'
+        setting != 'false'
+      else
+        setting == 'true'
+      end
+    end
+
+    def config(config_name)
+      execute(%W(config #{config_name}))
+    end
+
+    def valid_repo?
+      return false unless File.exists?(repo) && File.realpath(repo) == repo
+
+      match = execute(%W(rev-parse --git-dir)).match(/\.$|\.git$/)
+      
+      if match.to_s == '.git'
+        # Since the parent could be a git repo, we want to make sure the actual repo contains a git dir.
+        return false unless Dir.entries(repo).include?('.git')
+      end
+
+      match
+    end
+  end
+end

data/lib/grack/server.rb

@@ -4,8 +4,11 @@ require 'rack/response'
 require 'rack/utils'
 require 'time'
 
+require 'grack/git'
+
 module Grack
   class Server
+    attr_reader :git
 
     SERVICES = [
       ["POST", 'service_rpc',      "(.*?)/git-upload-pack$",  'upload-pack'],
@@ -45,12 +48,12 @@ module Grack
       cmd, path, @reqfile, @rpc = match_routing
 
       return render_method_not_allowed if cmd == 'not_allowed'
-      return render_not_found if !cmd
+      return render_not_found unless cmd
 
-      @dir = get_git_dir(path)
-      return render_not_found if !@dir
+      @git = get_git(path)
+      return render_not_found unless git.valid_repo?
 
-      self.method(cmd).call()
+      self.method(cmd).call
     end
 
     # ---------------------------------
@@ -64,7 +67,8 @@ module Grack
     CRLF = "\r\n"
 
     def service_rpc
-      return render_no_access if !has_access(@rpc, true)
+      return render_no_access unless has_access?(@rpc, true)
+
       input = read_body
 
       @res = Rack::Response.new
@@ -74,14 +78,14 @@ module Grack
       @res["Cache-Control"] = "no-cache"
 
       @res.finish do
-        command = git_command(%W(#{@rpc} --stateless-rpc #{@dir}))
-        IO.popen(popen_env, command, File::RDWR, popen_options) do |pipe|
+        git.execute([@rpc, '--stateless-rpc', git.repo]) do |pipe|
           pipe.write(input)
           pipe.close_write
-          while !pipe.eof?
-            block = pipe.read(8192)           # 8KB at a time
-            @res.write encode_chunk(block)    # stream it to the client
+
+          while block = pipe.read(8192)     # 8KB at a time
+            @res.write encode_chunk(block)  # stream it to the client
           end
+
           @res.write terminating_chunk
         end
       end
@@ -89,35 +93,33 @@ module Grack
 
     def encode_chunk(chunk)
       size_in_hex = chunk.size.to_s(16)
-      [ size_in_hex, CRLF, chunk, CRLF ].join
+      [size_in_hex, CRLF, chunk, CRLF].join
     end
 
     def terminating_chunk
-      [ 0, CRLF, CRLF ].join
+      [0, CRLF, CRLF].join
     end
 
     def get_info_refs
       service_name = get_service_type
+      return dumb_info_refs unless has_access?(service_name)
 
-      if has_access(service_name)
-        cmd = git_command(%W(#{service_name} --stateless-rpc --advertise-refs #{@dir}))
-        refs = capture(cmd)
+      refs = git.execute([service_name, '--stateless-rpc', '--advertise-refs', git.repo])
 
-        @res = Rack::Response.new
-        @res.status = 200
-        @res["Content-Type"] = "application/x-git-%s-advertisement" % service_name
-        hdr_nocache
-        @res.write(pkt_write("# service=git-#{service_name}\n"))
-        @res.write(pkt_flush)
-        @res.write(refs)
-        @res.finish
-      else
-        dumb_info_refs
-      end
+      @res = Rack::Response.new
+      @res.status = 200
+      @res["Content-Type"] = "application/x-git-%s-advertisement" % service_name
+      hdr_nocache
+
+      @res.write(pkt_write("# service=git-#{service_name}\n"))
+      @res.write(pkt_flush)
+      @res.write(refs)
+
+      @res.finish
     end
 
     def dumb_info_refs
-      update_server_info
+      git.update_server_info
       send_file(@reqfile, "text/plain; charset=utf-8") do
         hdr_nocache
       end
@@ -158,38 +160,33 @@ module Grack
     # logic helping functions
     # ------------------------
 
-    F = ::File
-
     # some of this borrowed from the Rack::File implementation
     def send_file(reqfile, content_type)
-      reqfile = File.join(@dir, reqfile)
-      return render_not_found if !F.exists?(reqfile)
+      reqfile = File.join(git.repo, reqfile)
+      return render_not_found unless File.exists?(reqfile)
 
-      if reqfile == File.realpath(reqfile)
-        # reqfile looks legit: no path traversal, no leading '|'
-      else
-        # reqfile does not look trustworthy; abort
-        return render_not_found
-      end
+      return render_not_found unless reqfile == File.realpath(reqfile)
+
+      # reqfile looks legit: no path traversal, no leading '|'
 
       @res = Rack::Response.new
       @res.status = 200
       @res["Content-Type"]  = content_type
-      @res["Last-Modified"] = F.mtime(reqfile).httpdate
+      @res["Last-Modified"] = File.mtime(reqfile).httpdate
 
       yield
 
-      if size = F.size?(reqfile)
+      if size = File.size?(reqfile)
         @res["Content-Length"] = size.to_s
         @res.finish do
-          F.open(reqfile, "rb") do |file|
+          File.open(reqfile, "rb") do |file|
             while part = file.read(8192)
               @res.write part
             end
           end
         end
       else
-        body = [F.read(reqfile)]
+        body = [File.read(reqfile)]
         size = Rack::Utils.bytesize(body.first)
         @res["Content-Length"] = size
         @res.write body
@@ -197,21 +194,15 @@ module Grack
       end
     end
 
-    def get_git_dir(path)
+    def get_git(path)
       root = @config[:project_root] || Dir.pwd
       path = File.join(root, path)
-      if !File.exists?(path)
-        false
-      elsif File.realpath(path) != path # looks like path traversal
-        false
-      else
-        path # TODO: check is a valid git directory
-      end
+      Grack::Git.new(@config[:git_path], path)
     end
 
     def get_service_type
       service_type = @req.params['service']
-      return false if !service_type
+      return false unless service_type
       return false if service_type[0, 4] != 'git-'
       service_type.gsub('git-', '')
     end
@@ -219,81 +210,54 @@ module Grack
     def match_routing
       cmd = nil
       path = nil
+
       SERVICES.each do |method, handler, match, rpc|
-        if m = Regexp.new(match).match(@req.path_info)
-          return ['not_allowed'] if method != @req.request_method
-          cmd = handler
-          path = m[1]
-          file = @req.path_info.sub(path + '/', '')
-          return [cmd, path, file, rpc]
-        end
+        next unless m = Regexp.new(match).match(@req.path_info)
+
+        return ['not_allowed'] unless method == @req.request_method
+
+        cmd = handler
+        path = m[1]
+        file = @req.path_info.sub(path + '/', '')
+
+        return [cmd, path, file, rpc]
       end
-      return nil
+      
+      nil
     end
 
-    def has_access(rpc, check_content_type = false)
+    def has_access?(rpc, check_content_type = false)
       if check_content_type
-        return false if @req.content_type != "application/x-git-%s-request" % rpc
+        conten_type = "application/x-git-%s-request" % rpc
+        return false unless @req.content_type == conten_type
       end
-      return false if !['upload-pack', 'receive-pack'].include? rpc
+
+      return false unless ['upload-pack', 'receive-pack'].include?(rpc)
+
       if rpc == 'receive-pack'
-        return @config[:receive_pack] if @config.include? :receive_pack
+        return @config[:receive_pack] if @config.include?(:receive_pack)
       end
-      if rpc == 'upload-pack'
-        return @config[:upload_pack] if @config.include? :upload_pack
-      end
-      return get_config_setting(rpc)
-    end
 
-    def get_config_setting(service_name)
-      service_name = service_name.gsub('-', '')
-      setting = get_git_config("http.#{service_name}")
-      if service_name == 'uploadpack'
-        return setting != 'false'
-      else
-        return setting == 'true'
+      if rpc == 'upload-pack'
+        return @config[:upload_pack] if @config.include?(:upload_pack)
       end
-    end
 
-    def get_git_config(config_name)
-      cmd = git_command(%W(config #{config_name}))
-      capture(cmd).chomp
+      git.config_setting(rpc)
     end
 
     def read_body
       if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
-        input = Zlib::GzipReader.new(@req.body).read
+        Zlib::GzipReader.new(@req.body).read
       else
-        input = @req.body.read
+        @req.body.read
       end
     end
 
-    def update_server_info
-      cmd = git_command(%W(update-server-info))
-      capture(cmd)
-    end
-
-    def git_command(command)
-      [@config[:git_path] || 'git'] + command
-    end
-
-    def capture(command)
-      IO.popen(popen_env, command, popen_options) { |p| p.read }
-    end
-
-    def popen_options
-      {chdir: @dir, unsetenv_others: true}
-    end
-
-    def popen_env
-      {'PATH' => ENV['PATH'], 'GL_ID' => ENV['GL_ID']}
-    end
-
     # --------------------------------------
     # HTTP error response handling functions
     # --------------------------------------
 
-    PLAIN_TYPE = {"Content-Type" => "text/plain"}
+    PLAIN_TYPE = { "Content-Type" => "text/plain" }
 
     def render_method_not_allowed
       if @env['SERVER_PROTOCOL'] == "HTTP/1.1"
@@ -321,10 +285,9 @@ module Grack
     end
 
     def pkt_write(str)
-      (str.size + 4).to_s(base=16).rjust(4, '0') + str
+      (str.size + 4).to_s(16).rjust(4, '0') + str
     end
 
-
     # ------------------------
     # header writing functions
     # ------------------------
@@ -341,6 +304,5 @@ module Grack
       @res["Expires"] = (now + 31536000).to_s;
       @res["Cache-Control"] = "public, max-age=31536000";
     end
-
   end
 end

data/lib/grack/version.rb

@@ -1,3 +1,3 @@
 module Grack
-  VERSION = "2.0.0.rc2"
+  VERSION = "2.0.0"
 end

data/tests/main_test.rb

@@ -5,6 +5,7 @@ require 'mocha'
 require 'digest/sha1'
 
 require_relative '../lib/grack/server.rb'
+require_relative '../lib/grack/git.rb'
 require 'pp'
 
 class GitHttpTest < Test::Unit::TestCase
@@ -52,11 +53,13 @@ class GitHttpTest < Test::Unit::TestCase
   end
 
   def test_no_access_wrong_path_rcp
+    Grack::Git.any_instance.stubs(:valid_repo?).returns(false)
     post "/example-wrong/git-upload-pack"
     assert_equal 404, r.status
   end
 
   def test_upload_pack_rpc
+    Grack::Git.any_instance.stubs(:valid_repo?).returns(true)
     IO.stubs(:popen).returns(MockProcess.new)
     post "/example/git-upload-pack", {}, {"CONTENT_TYPE" => "application/x-git-upload-pack-request"}
     assert_equal 200, r.status
@@ -74,6 +77,7 @@ class GitHttpTest < Test::Unit::TestCase
   end
 
   def test_recieve_pack_rpc
+    Grack::Git.any_instance.stubs(:valid_repo?).returns(true)
     IO.stubs(:popen).yields(MockProcess.new)
     post "/example/git-receive-pack", {}, {"CONTENT_TYPE" => "application/x-git-receive-pack-request"}
     assert_equal 200, r.status
@@ -151,52 +155,56 @@ class GitHttpTest < Test::Unit::TestCase
 
   def test_git_config_receive_pack
     app1 = Grack::Server.new({:project_root => example})
+    app1.instance_variable_set(:@git, Grack::Git.new('git', example ))
     session = Rack::Test::Session.new(app1)
-
-    app1.stubs(:get_git_config).with('http.receivepack').returns('')
+    git = Grack::Git
+    git.any_instance.stubs(:config).with('http.receivepack').returns('')
     session.get "/example/info/refs?service=git-receive-pack"
     assert_equal 404, session.last_response.status
 
-    app1.stubs(:get_git_config).with('http.receivepack').returns('true')
+    git.any_instance.stubs(:config).with('http.receivepack').returns('true')
     session.get "/example/info/refs?service=git-receive-pack"
     assert_equal 200, session.last_response.status
 
-    app1.stubs(:get_git_config).with('http.receivepack').returns('false')
+    git.any_instance.stubs(:config).with('http.receivepack').returns('false')
     session.get "/example/info/refs?service=git-receive-pack"
     assert_equal 404, session.last_response.status
   end
 
   def test_git_config_upload_pack
     app1 = Grack::Server.new({:project_root => example})
+    # app1.instance_variable_set(:@git, Grack::Git.new('git', example ))
     session = Rack::Test::Session.new(app1)
-
-    app1.stubs(:get_git_config).with('http.uploadpack').returns('')
+    git = Grack::Git
+    git.any_instance.stubs(:config).with('http.uploadpack').returns('')
     session.get "/example/info/refs?service=git-upload-pack"
     assert_equal 200, session.last_response.status
 
-    app1.stubs(:get_git_config).with('http.uploadpack').returns('true')
+    git.any_instance.stubs(:config).with('http.uploadpack').returns('true')
     session.get "/example/info/refs?service=git-upload-pack"
     assert_equal 200, session.last_response.status
 
-    app1.stubs(:get_git_config).with('http.uploadpack').returns('false')
+    git.any_instance.stubs(:config).with('http.uploadpack').returns('false')
     session.get "/example/info/refs?service=git-upload-pack"
     assert_equal 404, session.last_response.status
   end
 
   def test_send_file
     app1 = app
-    app1.instance_variable_set(:@dir, Dir.pwd)
+    app1.instance_variable_set(:@git, Grack::Git.new('git', Dir.pwd))
     # Reject path traversal
     assert_equal 404, app1.send_file('tests/../tests', 'text/plain').first
     # Reject paths starting with '|', avoid File.read('|touch /tmp/pawned; ls /tmp')
     assert_equal 404, app1.send_file('|tests', 'text/plain').first
   end
 
-  def test_get_git_dir
+  def test_get_git
     # Guard against non-existent directories
-    assert_equal false, app.get_git_dir('foobar')
+    git1 = Grack::Git.new('git', 'foobar')
+    assert_equal false, git1.valid_repo?
     # Guard against path traversal
-    assert_equal false, app.get_git_dir('/../tests')
+    git2 = Grack::Git.new('git', '/../tests')
+    assert_equal false, git2.valid_repo?
   end
 
   private
@@ -241,7 +249,8 @@ class MockProcess
   def write(data)
   end
 
-  def read(data)
+  def read(data = nil)
+    ''
   end
 
   def eof?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-grack
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc2
+  version: 2.0.0
 platform: ruby
 authors:
 - Scott Chacon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-23 00:00:00.000000000 Z
+date: 2015-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -41,7 +41,9 @@ dependencies:
 description: Ruby/Rack Git Smart-HTTP Server Handler
 email:
 - schacon@gmail.com
-executables: []
+executables:
+- console
+- testserver
 extensions: []
 extra_rdoc_files: []
 files:
@@ -53,12 +55,15 @@ files:
 - Gemfile.lock
 - README.md
 - Rakefile
+- bin/console
+- bin/testserver
 - examples/dispatch.fcgi
 - grack.gemspec
 - install.txt
 - lib/grack.rb
 - lib/grack/auth.rb
 - lib/grack/bundle.rb
+- lib/grack/git.rb
 - lib/grack/server.rb
 - lib/grack/version.rb
 - tests/main_test.rb
@@ -76,9 +81,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.2.2
@@ -87,3 +92,4 @@ specification_version: 4
 summary: Ruby/Rack Git Smart-HTTP Server Handler
 test_files:
 - tests/main_test.rb
+has_rdoc: