isomorphic-git 1.37.0 → 1.37.2

package/README.md

@@ -414,6 +414,9 @@ Thanks goes to these wonderful people ([emoji key](https://github.com/kentcdodds
     <td align="center"><a href="https://github.com/Andarist"><img src="https://avatars.githubusercontent.com/u/9800850?v=4?s=60" width="60px;" alt=""/><br /><sub><b>Mateusz Burzyński</b></sub></a><br /><a href="https://github.com/isomorphic-git/isomorphic-git/commits?author=Andarist" title="Code">💻</a> <a href="https://github.com/isomorphic-git/isomorphic-git/commits?author=Andarist" title="Tests">⚠️</a></td>
     <td align="center"><a href="https://github.com/IAmSSH"><img src="https://avatars.githubusercontent.com/u/34162350?v=4?s=60" width="60px;" alt=""/><br /><sub><b>iamssh</b></sub></a><br /><a href="https://github.com/isomorphic-git/isomorphic-git/commits?author=IAmSSH" title="Code">💻</a> <a href="https://github.com/isomorphic-git/isomorphic-git/commits?author=IAmSSH" title="Documentation">📖</a> <a href="https://github.com/isomorphic-git/isomorphic-git/commits?author=IAmSSH" title="Tests">⚠️</a></td>
   </tr>
+  <tr>
+    <td align="center"><a href="https://github.com/N0zoM1z0"><img src="https://avatars.githubusercontent.com/u/161784452?v=4?s=60" width="60px;" alt=""/><br /><sub><b>N0zoM1z0</b></sub></a><br /><a href="#security-N0zoM1z0" title="Security">🛡️</a></td>
+  </tr>
 </table>
 
 <!-- markdownlint-restore -->

package/index.cjs

@@ -3395,6 +3395,40 @@ async function readObjectPacked({
         const packFile = indexFile.replace(/idx$/, 'pack');
         p.pack = fs.read(packFile);
       }
+      const pack = await p.pack;
+
+      // === Packfile Integrity Verification ===
+      // Performance optimization: use _checksumVerified flag to verify only once per packfile
+      if (!p._checksumVerified) {
+        const expectedShaFromIndex = p.packfileSha;
+
+        // 1. Fast Check: Verify packfile trailer matches index record
+        // Use subarray instead of slice to avoid memory copy (zero-copy for large packfiles)
+        const packTrailer = pack.subarray(-20);
+        const packTrailerSha = Array.from(packTrailer)
+          .map(b => b.toString(16).padStart(2, '0'))
+          .join('');
+        if (packTrailerSha !== expectedShaFromIndex) {
+          throw new InternalError(
+            `Packfile trailer mismatch: expected ${expectedShaFromIndex}, got ${packTrailerSha}. The packfile may be corrupted.`
+          )
+        }
+
+        // 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload
+        // This ensures true data integrity by verifying the entire packfile content
+        // Use subarray for zero-copy reading of large files
+        const payload = pack.subarray(0, -20);
+        const actualPayloadSha = await shasum(payload);
+        if (actualPayloadSha !== expectedShaFromIndex) {
+          throw new InternalError(
+            `Packfile payload corrupted: calculated ${actualPayloadSha} but expected ${expectedShaFromIndex}. The packfile may have been tampered with.`
+          )
+        }
+
+        // Mark as verified to prevent performance regression on subsequent reads
+        p._checksumVerified = true;
+      }
+
       const result = await p.read({ oid, getExternalRefDelta });
       result.format = 'content';
       result.source = `objects/pack/${filename.replace(/idx$/, 'pack')}`;
@@ -9261,8 +9295,8 @@ function filterCapabilities(server, client) {
 
 const pkg = {
   name: 'isomorphic-git',
-  version: '1.37.0',
-  agent: 'git/isomorphic-git@1.37.0',
+  version: '1.37.2',
+  agent: 'git/isomorphic-git@1.37.2',
 };
 
 class FIFO {

package/index.js

@@ -3389,6 +3389,40 @@ async function readObjectPacked({
         const packFile = indexFile.replace(/idx$/, 'pack');
         p.pack = fs.read(packFile);
       }
+      const pack = await p.pack;
+
+      // === Packfile Integrity Verification ===
+      // Performance optimization: use _checksumVerified flag to verify only once per packfile
+      if (!p._checksumVerified) {
+        const expectedShaFromIndex = p.packfileSha;
+
+        // 1. Fast Check: Verify packfile trailer matches index record
+        // Use subarray instead of slice to avoid memory copy (zero-copy for large packfiles)
+        const packTrailer = pack.subarray(-20);
+        const packTrailerSha = Array.from(packTrailer)
+          .map(b => b.toString(16).padStart(2, '0'))
+          .join('');
+        if (packTrailerSha !== expectedShaFromIndex) {
+          throw new InternalError(
+            `Packfile trailer mismatch: expected ${expectedShaFromIndex}, got ${packTrailerSha}. The packfile may be corrupted.`
+          )
+        }
+
+        // 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload
+        // This ensures true data integrity by verifying the entire packfile content
+        // Use subarray for zero-copy reading of large files
+        const payload = pack.subarray(0, -20);
+        const actualPayloadSha = await shasum(payload);
+        if (actualPayloadSha !== expectedShaFromIndex) {
+          throw new InternalError(
+            `Packfile payload corrupted: calculated ${actualPayloadSha} but expected ${expectedShaFromIndex}. The packfile may have been tampered with.`
+          )
+        }
+
+        // Mark as verified to prevent performance regression on subsequent reads
+        p._checksumVerified = true;
+      }
+
       const result = await p.read({ oid, getExternalRefDelta });
       result.format = 'content';
       result.source = `objects/pack/${filename.replace(/idx$/, 'pack')}`;
@@ -9255,8 +9289,8 @@ function filterCapabilities(server, client) {
 
 const pkg = {
   name: 'isomorphic-git',
-  version: '1.37.0',
-  agent: 'git/isomorphic-git@1.37.0',
+  version: '1.37.2',
+  agent: 'git/isomorphic-git@1.37.2',
 };
 
 class FIFO {