Make owner validation configurable

ltrzesniewski · ltrzesniewski · commit 28c796727804 · 2024-05-07T18:06:22.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,7 @@ Thumbs.db
 *.ncb
 *.suo
 .vs/
+.idea/
 *.sln.ide/
 *.tlb
 *.tlh
diff --git a/LibGit2Sharp.Tests/GlobalSettingsFixture.cs b/LibGit2Sharp.Tests/GlobalSettingsFixture.cs
@@ -102,5 +102,20 @@ public void SetExtensions()
             extensions = GlobalSettings.GetExtensions();
             Assert.Equal(new[] { "newext", "noop", "objectformat", "partialclone" }, extensions);
         }
+
+        [Fact]
+        public void OwnerValidation()
+        {
+            // Assert that owner validation is enabled by default
+            Assert.True(GlobalSettings.OwnerValidation);
+
+            // Disable owner validation
+            GlobalSettings.OwnerValidation = false;
+            Assert.False(GlobalSettings.OwnerValidation);
+
+            // Enable it again
+            GlobalSettings.OwnerValidation = true;
+            Assert.True(GlobalSettings.OwnerValidation);
+        }
     }
 }
diff --git a/LibGit2Sharp/Core/NativeMethods.cs b/LibGit2Sharp/Core/NativeMethods.cs
@@ -746,6 +746,10 @@ internal static extern int git_libgit2_opts(int option, uint level,
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
         internal static extern int git_libgit2_opts(int option, int enabled);
 
+        // git_libgit2_opts(GIT_OPT_GET_*, int *enabled)
+        [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
+        internal static extern unsafe int git_libgit2_opts(int option, int* enabled);
+
         // git_libgit2_opts(GIT_OPT_SET_USER_AGENT, const char *path)
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
         internal static extern int git_libgit2_opts(int option,
@@ -782,6 +786,10 @@ internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, In
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl, EntryPoint = "git_libgit2_opts")]
         internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, IntPtr nop3, IntPtr nop4, IntPtr nop5, IntPtr nop6, IntPtr nop7, IntPtr nop8, int enabled);
 
+        // git_libgit2_opts(GIT_OPT_GET_*, int enabled)
+        [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl, EntryPoint = "git_libgit2_opts")]
+        internal static extern unsafe int git_libgit2_opts_osxarm64(int option, IntPtr nop2, IntPtr nop3, IntPtr nop4, IntPtr nop5, IntPtr nop6, IntPtr nop7, IntPtr nop8, int* enabled);
+
         // git_libgit2_opts(GIT_OPT_SET_USER_AGENT, const char *path)
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl, EntryPoint = "git_libgit2_opts")]
         internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, IntPtr nop3, IntPtr nop4, IntPtr nop5, IntPtr nop6, IntPtr nop7, IntPtr nop8,
diff --git a/LibGit2Sharp/Core/Proxy.cs b/LibGit2Sharp/Core/Proxy.cs
@@ -3397,6 +3397,8 @@ private enum LibGit2Option
             SetOdbLoosePriority,             // GIT_OPT_SET_ODB_LOOSE_PRIORITY,
             GetExtensions,                   // GIT_OPT_GET_EXTENSIONS,
             SetExtensions,                   // GIT_OPT_SET_EXTENSIONS
+            GetOwnerValidation,              // GIT_OPT_GET_OWNER_VALIDATION
+            SetOwnerValidation,              // GIT_OPT_SET_OWNER_VALIDATION
         }
 
         /// <summary>
@@ -3570,6 +3572,36 @@ public static string[] git_libgit2_opts_get_extensions()
             }
         }
 
+        /// <summary>
+        /// Gets the value of owner validation
+        /// </summary>
+        public static unsafe bool git_libgit2_opts_get_owner_validation()
+        {
+            // libgit2 expects non-zero value for true
+            int res, enabled;
+            if (isOSXArm64)
+                res = NativeMethods.git_libgit2_opts_osxarm64((int)LibGit2Option.GetOwnerValidation, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, &enabled);
+            else
+                res = NativeMethods.git_libgit2_opts((int)LibGit2Option.GetOwnerValidation, &enabled);
+            Ensure.ZeroResult(res);
+            return enabled != 0;
+        }
+
+        /// <summary>
+        /// Enable or disable owner validation
+        /// </summary>
+        /// <param name="enabled">true to enable owner validation, false otherwise</param>
+        public static void git_libgit2_opts_set_owner_validation(bool enabled)
+        {
+            // libgit2 expects non-zero value for true
+            int res;
+            if (isOSXArm64)
+                res = NativeMethods.git_libgit2_opts_osxarm64((int)LibGit2Option.SetOwnerValidation, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, enabled ? 1 : 0);
+            else
+                res = NativeMethods.git_libgit2_opts((int)LibGit2Option.SetOwnerValidation, enabled ? 1 : 0);
+            Ensure.ZeroResult(res);
+        }
+
         #endregion
 
         #region git_worktree_
diff --git a/LibGit2Sharp/GlobalSettings.cs b/LibGit2Sharp/GlobalSettings.cs
@@ -204,6 +204,19 @@ public static string NativeLibraryPath
             }
         }
 
+        /// <summary>
+        /// Controls the status of repository directory owner validation.
+        /// </summary>
+        /// <remarks>
+        /// By default, repository directories must be owned by the current user to be opened. This can be disabled by setting this property to false.
+        /// Note that disabling this can lead to security vulnerabilities (see CVE-2022-24765).
+        /// </remarks>
+        public static bool OwnerValidation
+        {
+            get => Proxy.git_libgit2_opts_get_owner_validation();
+            set => Proxy.git_libgit2_opts_set_owner_validation(value);
+        }
+
         internal static string GetAndLockNativeLibraryPath()
         {
             nativeLibraryPathLocked = true;

-Original file line number
+Diff line change
 *.ncb
 *.suo
 .vs/
 +.idea/
 *.sln.ide/
 *.tlb
 *.tlh
Original file line number	Diff line number	Diff line change
`@@ -204,6 +204,19 @@ public static string NativeLibraryPath`
`204`	`204`	`}`
`205`	`205`	`}`
`206`	`206`
	`207`	`+ /// <summary>`
	`208`	`+ /// Controls the status of repository directory owner validation.`
	`209`	`+ /// </summary>`
	`210`	`+ /// <remarks>`
	`211`	`+ /// By default, repository directories must be owned by the current user to be opened. This can be disabled by setting this property to false.`
	`212`	`+ /// Note that disabling this can lead to security vulnerabilities (see CVE-2022-24765).`
	`213`	`+ /// </remarks>`
	`214`	`+ public static bool OwnerValidation`
	`215`	`+ {`
	`216`	`+ get => Proxy.git_libgit2_opts_get_owner_validation();`
	`217`	`+ set => Proxy.git_libgit2_opts_set_owner_validation(value);`
	`218`	`+ }`
	`219`	`+`
`207`	`220`	`internal static string GetAndLockNativeLibraryPath()`
`208`	`221`	`{`
`209`	`222`	`nativeLibraryPathLocked = true;`