Avoiding directory execution on hook (#10954) (#10955)

bazilek · web-flow · commit 240258a3e5de · 2020-04-04T11:29:58.000-05:00
* test -x is not enough https://stackoverflow.com/a/39489087
diff --git a/integrations/gitea-repositories-meta/user2/repo20.git/hooks/post-receive b/integrations/gitea-repositories-meta/user2/repo20.git/hooks/post-receive
@@ -5,7 +5,7 @@ hookname=$(basename $0)
 GIT_DIR=${GIT_DIR:-$(dirname $0)}
 
 for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
-test -x "${hook}" || continue
+test -x "${hook}" && test -f "${hook}" || continue
 echo "${data}" | "${hook}"
 exitcodes="${exitcodes} $?"
 done
diff --git a/integrations/gitea-repositories-meta/user2/repo20.git/hooks/pre-receive b/integrations/gitea-repositories-meta/user2/repo20.git/hooks/pre-receive
@@ -5,7 +5,7 @@ hookname=$(basename $0)
 GIT_DIR=${GIT_DIR:-$(dirname $0)}
 
 for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
-test -x "${hook}" || continue
+test -x "${hook}" && test -f "${hook}" || continue
 echo "${data}" | "${hook}"
 exitcodes="${exitcodes} $?"
 done
diff --git a/integrations/gitea-repositories-meta/user2/repo20.git/hooks/update b/integrations/gitea-repositories-meta/user2/repo20.git/hooks/update
@@ -4,7 +4,7 @@ hookname=$(basename $0)
 GIT_DIR=${GIT_DIR:-$(dirname $0)}
 
 for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
-test -x "${hook}" || continue
+test -x "${hook}" && test -f "${hook}" || continue
 "${hook}" $1 $2 $3
 exitcodes="${exitcodes} $?"
 done
diff --git a/integrations/gitea-repositories-meta/user27/template1.git/hooks/post-receive b/integrations/gitea-repositories-meta/user27/template1.git/hooks/post-receive
@@ -5,7 +5,7 @@ hookname=$(basename $0)
 GIT_DIR=${GIT_DIR:-$(dirname $0)}
 
 for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
-test -x "${hook}" || continue
+test -x "${hook}" && test -f "${hook}" || continue
 echo "${data}" | "${hook}"
 exitcodes="${exitcodes} $?"
 done
diff --git a/integrations/gitea-repositories-meta/user27/template1.git/hooks/pre-receive b/integrations/gitea-repositories-meta/user27/template1.git/hooks/pre-receive
@@ -5,7 +5,7 @@ hookname=$(basename $0)
 GIT_DIR=${GIT_DIR:-$(dirname $0)}
 
 for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
-test -x "${hook}" || continue
+test -x "${hook}" && test -f "${hook}" || continue
 echo "${data}" | "${hook}"
 exitcodes="${exitcodes} $?"
 done
diff --git a/integrations/gitea-repositories-meta/user27/template1.git/hooks/update b/integrations/gitea-repositories-meta/user27/template1.git/hooks/update
@@ -4,7 +4,7 @@ hookname=$(basename $0)
 GIT_DIR=${GIT_DIR:-$(dirname $0)}
 
 for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
-test -x "${hook}" || continue
+test -x "${hook}" && test -f "${hook}" || continue
 "${hook}" $1 $2 $3
 exitcodes="${exitcodes} $?"
 done
diff --git a/modules/repository/hooks.go b/modules/repository/hooks.go
@@ -29,9 +29,9 @@ func createDelegateHooks(repoPath string) (err error) {
 	var (
 		hookNames = []string{"pre-receive", "update", "post-receive"}
 		hookTpls  = []string{
-			fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
-			fmt.Sprintf("#!/usr/bin/env %s\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" || continue\n\"${hook}\" $1 $2 $3\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
-			fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
+			fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
+			fmt.Sprintf("#!/usr/bin/env %s\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\n\"${hook}\" $1 $2 $3\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
+			fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
 		}
 		giteaHookTpls = []string{
 			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
