isomorphic-git 1.37.0 → 1.37.2
- package/README.md +3 -0
- package/index.cjs +36 -2
- package/index.js +36 -2
- package/index.umd.min.js +1 -1
- package/index.umd.min.js.map +1 -1
- package/managers/index.cjs +34 -0
- package/managers/index.js +34 -0
- package/managers/index.umd.min.js +1 -1
- package/managers/index.umd.min.js.map +1 -1
- package/package.json +1 -1
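--- a/package/managers/index.cjs
+++ b/package/managers/index.cjs
@@ -4159,6 +4159,40 @@ async function readObjectPacked({
 const packFile = indexFile.replace(/idx$/, 'pack');
 p.pack = fs.read(packFile);
 }
+const pack = await p.pack;
+
+// === Packfile Integrity Verification ===
+// Performance optimization: use _checksumVerified flag to verify only once per packfile
+if (!p._checksumVerified) {
+const expectedShaFromIndex = p.packfileSha;
+
+// 1. Fast Check: Verify packfile trailer matches index record
+// Use subarray instead of slice to avoid memory copy (zero-copy for large packfiles)
+const packTrailer = pack.subarray(-20);
+const packTrailerSha = Array.from(packTrailer)
+.map(b => b.toString(16).padStart(2, '0'))
+.join('');
+if (packTrailerSha !== expectedShaFromIndex) {
+throw new InternalError(
+`Packfile trailer mismatch: expected ${expectedShaFromIndex}, got ${packTrailerSha}. The packfile may be corrupted.`
+)
+}
+
+// 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload
+// This ensures true data integrity by verifying the entire packfile content
+// Use subarray for zero-copy reading of large files
+const payload = pack.subarray(0, -20);
+const actualPayloadSha = await shasum(payload);
+if (actualPayloadSha !== expectedShaFromIndex) {
+throw new InternalError(
+`Packfile payload corrupted: calculated ${actualPayloadSha} but expected ${expectedShaFromIndex}. The packfile may have been tampered with.`
+)
+}
+
+// Mark as verified to prevent performance regression on subsequent reads
+p._checksumVerified = true;
+}
+
 const result = await p.read({ oid, getExternalRefDelta });
 result.format = 'content';
 result.source = `objects/pack/${filename.replace(/idx$/, 'pack')}`;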
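Review bot: `pack.subarray(-20)` is called on whatever `await p.pack` resolves to, with no check that a buffer came back. If `fs.read(packFile)` can resolve to `null` or `undefined` for a missing or unreadable pack (not visible in this hunk, so worth confirming), the new code fails with a bare TypeError instead of a packfile error. A guard before the trailer check would keep the failure descriptive, for example `if (!pack || pack.length < 20) throw new InternalError(`Packfile ${packFile} is missing or truncated`)`. The same lines are added in package/managers/index.js, and the body of readObjectPacked starts and ends outside the hunk.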
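--- a/package/managers/index.js
+++ b/package/managers/index.js
@@ -4153,6 +4153,40 @@ async function readObjectPacked({
 const packFile = indexFile.replace(/idx$/, 'pack');
 p.pack = fs.read(packFile);
 }
+const pack = await p.pack;
+
+// === Packfile Integrity Verification ===
+// Performance optimization: use _checksumVerified flag to verify only once per packfile
+if (!p._checksumVerified) {
+const expectedShaFromIndex = p.packfileSha;
+
+// 1. Fast Check: Verify packfile trailer matches index record
+// Use subarray instead of slice to avoid memory copy (zero-copy for large packfiles)
+const packTrailer = pack.subarray(-20);
+const packTrailerSha = Array.from(packTrailer)
+.map(b => b.toString(16).padStart(2, '0'))
+.join('');
+if (packTrailerSha !== expectedShaFromIndex) {
+throw new InternalError(
+`Packfile trailer mismatch: expected ${expectedShaFromIndex}, got ${packTrailerSha}. The packfile may be corrupted.`
+)
+}
+
+// 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload
+// This ensures true data integrity by verifying the entire packfile content
+// Use subarray for zero-copy reading of large files
+const payload = pack.subarray(0, -20);
+const actualPayloadSha = await shasum(payload);
+if (actualPayloadSha !== expectedShaFromIndex) {
+throw new InternalError(
+`Packfile payload corrupted: calculated ${actualPayloadSha} but expected ${expectedShaFromIndex}. The packfile may have been tampered with.`
+)
+}
+
+// Mark as verified to prevent performance regression on subsequent reads
+p._checksumVerified = true;
+}
+
 const result = await p.read({ oid, getExternalRefDelta });
 result.format = 'content';
 result.source = `objects/pack/${filename.replace(/idx$/, 'pack')}`;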
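Review bot: The comment "This ensures true data integrity" and the message "may have been tampered with" promise more than this check delivers, because the expected value is `p.packfileSha`, which by its name and the "index record" comment comes from the `.idx` stored next to the pack. An unkeyed SHA-1 compared against a value from the same directory detects accidental corruption or a mismatched idx/pack pair, but not a writer who replaces both files consistently. I would reword the comment to something like `// Detects corruption or an idx/pack mismatch only; the expected hash comes from the adjacent .idx, so this is not tamper-evidence.` and drop "tampered with" from the second error string. Whether the `.idx` file's own trailing checksum is verified when `p` is built is outside this hunk and worth confirming; the same wording is added in package/managers/index.cjs.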