
Commit be6114e

committed
fix: assure permissions per trust level are properly inherited into open::Options.
1 parent f409a2a commit be6114e


2 files changed

+13
-13
lines changed


Cargo.lock

Lines changed: 1 addition & 1 deletion

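--- a/git-repository/src/open.rs
+++ b/git-repository/src/open.rs
@@ -84,7 +84,7 @@ pub(crate) struct EnvironmentOverrides {
 }
 
 impl EnvironmentOverrides {
-fn from_env() -> Result<Self, crate::permission::env_var::resource::Error> {
+fn from_env() -> Result<Self, permission::env_var::resource::Error> {
 let mut worktree_dir = None;
 if let Some(path) = std::env::var_os("GIT_WORK_TREE") {
 worktree_dir = PathBuf::from(path).into();
@@ -186,7 +186,7 @@ impl Options {
 }
 
 /// Open a repository at `path` with the options set so far.
-pub fn open(self, path: impl Into<std::path::PathBuf>) -> Result<ThreadSafeRepository, Error> {
+pub fn open(self, path: impl Into<PathBuf>) -> Result<ThreadSafeRepository, Error> {
 ThreadSafeRepository::open_opts(path, self)
 }
 }
@@ -197,17 +197,17 @@ impl git_sec::trust::DefaultForLevel for Options {
 git_sec::Trust::Full => Options {
 object_store_slots: Default::default(),
 replacement_objects: Default::default(),
-permissions: Permissions::all(),
+permissions: Permissions::default_for_level(level),
 git_dir_trust: git_sec::Trust::Full.into(),
 filter_config_section: Some(config::section::is_trusted),
 lossy_config: None,
 },
 git_sec::Trust::Reduced => Options {
 object_store_slots: git_odb::store::init::Slots::Given(32), // limit resource usage
 replacement_objects: ReplacementObjects::Disable, // don't be tricked into seeing manufactured objects
-permissions: Default::default(),
+permissions: Permissions::default_for_level(level),
 git_dir_trust: git_sec::Trust::Reduced.into(),
-filter_config_section: Some(crate::config::section::is_trusted),
+filter_config_section: Some(config::section::is_trusted),
 lossy_config: None,
 },
 }
@@ -219,28 +219,28 @@ impl git_sec::trust::DefaultForLevel for Options {
 #[allow(missing_docs)]
 pub enum Error {
 #[error(transparent)]
-Config(#[from] crate::config::Error),
+Config(#[from] config::Error),
 #[error(transparent)]
 NotARepository(#[from] git_discover::is_git::Error),
 #[error(transparent)]
 ObjectStoreInitialization(#[from] std::io::Error),
 #[error("The git directory at '{}' is considered unsafe as it's not owned by the current user.", .path.display())]
-UnsafeGitDir { path: std::path::PathBuf },
+UnsafeGitDir { path: PathBuf },
 #[error(transparent)]
-EnvironmentAccessDenied(#[from] crate::permission::env_var::resource::Error),
+EnvironmentAccessDenied(#[from] permission::env_var::resource::Error),
 }
 
 impl ThreadSafeRepository {
 /// Open a git repository at the given `path`, possibly expanding it to `path/.git` if `path` is a work tree dir.
-pub fn open(path: impl Into<std::path::PathBuf>) -> Result<Self, Error> {
+pub fn open(path: impl Into<PathBuf>) -> Result<Self, Error> {
 Self::open_opts(path, Options::default())
 }
 
 /// Open a git repository at the given `path`, possibly expanding it to `path/.git` if `path` is a work tree dir, and use
 /// `options` for fine-grained control.
 ///
 /// Note that you should use [`crate::discover()`] if security should be adjusted by ownership.
-pub fn open_opts(path: impl Into<std::path::PathBuf>, mut options: Options) -> Result<Self, Error> {
+pub fn open_opts(path: impl Into<PathBuf>, mut options: Options) -> Result<Self, Error> {
 let (path, kind) = {
 let path = path.into();
 match git_discover::is_git(&path) {
@@ -319,7 +319,7 @@ impl ThreadSafeRepository {
 .map(|cd| git_dir.join(cd));
 let common_dir_ref = common_dir.as_deref().unwrap_or(&git_dir);
 
-let repo_config = crate::config::cache::StageOne::new(common_dir_ref, git_dir_trust, lossy_config)?;
+let repo_config = config::cache::StageOne::new(common_dir_ref, git_dir_trust, lossy_config)?;
 let mut refs = {
 let reflog = repo_config.reflog.unwrap_or(git_ref::store::WriteReflog::Disable);
 let object_hash = repo_config.object_hash;
@@ -337,7 +337,7 @@ impl ThreadSafeRepository {
 repo_config,
 common_dir_ref,
 head.as_ref().and_then(|head| head.target.try_name()),
-filter_config_section.unwrap_or(crate::config::section::is_trusted),
+filter_config_section.unwrap_or(config::section::is_trusted),
 git_install_dir.as_deref(),
 home.as_deref(),
 env.clone(),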
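Review bot: The two `permissions: Permissions::default_for_level(level)` lines in the `DefaultForLevel for Options` hunk are the only behavioural change in this file, and neither of the two changed files adds a test that pins them; the remaining edits only shorten `crate::`/`std::path::` paths, which makes the security-relevant lines easy to miss. A regression test that builds `Options` for `git_sec::Trust::Reduced` and for `git_sec::Trust::Full` and checks the resulting `permissions` against `Permissions::default_for_level` of the same level would stop a later refactor from reintroducing `Default::default()` or `Permissions::all()` here. The neighbouring fields in the `Reduced` arm carry why-comments, so the new line could as well: `permissions: Permissions::default_for_level(level), // must follow the trust level, not Permissions::default()`. The `match` header and the definition of `Permissions::default_for_level` lie outside the hunk, so what each level actually grants cannot be checked from this page.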
