Merge pull request from GHSA-7w47-3wg8-547c

fix for CVE-2024-35186 and CVE-2024-35197

Author: Byron

Cargo.lock

@@ -84,3 +84,11 @@ pub use discover::discover;
 
 #[cfg(all(feature = "async-client", feature = "blocking-client"))]
 compile_error!("Cannot set both 'blocking-client' and 'async-client' features as they are mutually exclusive");
+
+fn is_dir_to_mode(is_dir: bool) -> gix::index::entry::Mode {
+    if is_dir {
+        gix::index::entry::Mode::DIR
+    } else {
+        gix::index::entry::Mode::FILE
+    }
+}

gitoxide-core/src/lib.rs

@@ -14,6 +14,7 @@ pub(crate) mod function {
     use gix::bstr::BStr;
 
     use crate::{
+        is_dir_to_mode,
         repository::{
             attributes::query::{attributes_cache, Options},
             PathsOrPatterns,
@@ -38,12 +39,12 @@ pub(crate) mod function {
         match input {
             PathsOrPatterns::Paths(paths) => {
                 for path in paths {
-                    let is_dir = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
+                    let mode = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
                         .metadata()
                         .ok()
-                        .map(|m| m.is_dir());
+                        .map(|m| is_dir_to_mode(m.is_dir()));
 
-                    let entry = cache.at_entry(path.as_slice(), is_dir)?;
+                    let entry = cache.at_entry(path.as_slice(), mode)?;
                     if !entry.matching_attributes(&mut matches) {
                         continue;
                     }
@@ -61,9 +62,9 @@ pub(crate) mod function {
                 )?;
                 let mut pathspec_matched_entry = false;
                 if let Some(it) = pathspec.index_entries_with_paths(&index) {
-                    for (path, _entry) in it {
+                    for (path, entry) in it {
                         pathspec_matched_entry = true;
-                        let entry = cache.at_entry(path, Some(false))?;
+                        let entry = cache.at_entry(path, entry.mode.into())?;
                         if !entry.matching_attributes(&mut matches) {
                             continue;
                         }
@@ -87,10 +88,10 @@ pub(crate) mod function {
                         let path = pattern.path();
                         let entry = cache.at_entry(
                             path,
-                            Some(
+                            Some(is_dir_to_mode(
                                 workdir.map_or(false, |wd| wd.join(gix::path::from_bstr(path)).is_dir())
                                     || pattern.signature.contains(gix::pathspec::MagicSignature::MUST_BE_DIR),
-                            ),
+                            )),
                         )?;
                         if !entry.matching_attributes(&mut matches) {
                             continue;

gitoxide-core/src/repository/attributes/query.rs

@@ -192,7 +192,7 @@ pub(crate) mod function {
         );
 
         for (rela_path, baseline) in rx_base {
-            let entry = cache.at_entry(rela_path.as_str(), Some(false))?;
+            let entry = cache.at_entry(rela_path.as_str(), None)?;
             match baseline {
                 Baseline::Attribute { assignments: expected } => {
                     entry.matching_attributes(&mut matches);

gitoxide-core/src/repository/attributes/validate_baseline.rs

@@ -3,7 +3,7 @@ use std::{borrow::Cow, io};
 use anyhow::bail;
 use gix::bstr::BStr;
 
-use crate::{repository::PathsOrPatterns, OutputFormat};
+use crate::{is_dir_to_mode, repository::PathsOrPatterns, OutputFormat};
 
 pub mod query {
     use std::ffi::OsString;
@@ -44,11 +44,11 @@ pub fn query(
     match input {
         PathsOrPatterns::Paths(paths) => {
             for path in paths {
-                let is_dir = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
+                let mode = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
                     .metadata()
                     .ok()
-                    .map(|m| m.is_dir());
-                let entry = cache.at_entry(path.as_slice(), is_dir)?;
+                    .map(|m| is_dir_to_mode(m.is_dir()));
+                let entry = cache.at_entry(path.as_slice(), mode)?;
                 let match_ = entry
                     .matching_exclude_pattern()
                     .and_then(|m| (show_ignore_patterns || !m.pattern.is_negative()).then_some(m));
@@ -66,9 +66,9 @@ pub fn query(
             )?;
 
             if let Some(it) = pathspec.index_entries_with_paths(&index) {
-                for (path, _entry) in it {
+                for (path, entry) in it {
                     pathspec_matched_something = true;
-                    let entry = cache.at_entry(path, Some(false))?;
+                    let entry = cache.at_entry(path, entry.mode.into())?;
                     let match_ = entry
                         .matching_exclude_pattern()
                         .and_then(|m| (show_ignore_patterns || !m.pattern.is_negative()).then_some(m));
@@ -92,10 +92,10 @@ pub fn query(
                     let path = pattern.path();
                     let entry = cache.at_entry(
                         path,
-                        Some(
+                        Some(is_dir_to_mode(
                             workdir.map_or(false, |wd| wd.join(gix::path::from_bstr(path)).is_dir())
                                 || pattern.signature.contains(gix::pathspec::MagicSignature::MUST_BE_DIR),
-                        ),
+                        )),
                     )?;
                     let match_ = entry
                         .matching_exclude_pattern()

gitoxide-core/src/repository/exclude.rs

@@ -31,6 +31,7 @@ pub(crate) mod function {
     };
 
     use crate::{
+        is_dir_to_mode,
         repository::index::entries::{Attributes, Options},
         OutputFormat,
     };
@@ -174,7 +175,7 @@ pub(crate) mod function {
                                         }
                                         // The user doesn't want attributes, so we set the cache position on demand only
                                         None => cache
-                                            .at_entry(rela_path, Some(is_dir))
+                                            .at_entry(rela_path, Some(is_dir_to_mode(is_dir)))
                                             .ok()
                                             .map(|platform| platform.matching_attributes(out))
                                             .unwrap_or_default(),

gitoxide-core/src/repository/index/entries.rs

@@ -127,11 +127,10 @@ pub(crate) mod function {
             }
             gix::object::Kind::Blob if cache.is_some() && spec.path_and_mode().is_some() => {
                 let (path, mode) = spec.path_and_mode().expect("is present");
-                let is_dir = Some(mode.is_tree());
                 match cache.expect("is some") {
                     (BlobFormat::Git, _) => unreachable!("no need for a cache when querying object db"),
                     (BlobFormat::Worktree, cache) => {
-                        let platform = cache.attr_stack.at_entry(path, is_dir, &repo.objects)?;
+                        let platform = cache.attr_stack.at_entry(path, Some(mode.into()), &repo.objects)?;
                         let object = id.object()?;
                         let mut converted = cache.filter.worktree_filter.convert_to_worktree(
                             &object.data,

gitoxide-core/src/repository/revision/resolve.rs

@@ -233,7 +233,7 @@ mod from_tree {
             noop_pipeline(),
             move |rela_path, mode, attrs| {
                 cache
-                    .at_entry(rela_path, mode.is_tree().into(), &odb)
+                    .at_entry(rela_path, Some(mode.into()), &odb)
                     .map(|entry| entry.matching_attributes(attrs))
                     .map(|_| ())
             },

gix-archive/tests/archive.rs

@@ -583,14 +583,14 @@ impl Platform {
         if self.diff_cache.contains_key(storage) {
             return Ok(());
         }
-        let entry = self
-            .attr_stack
-            .at_entry(rela_path, Some(false), objects)
-            .map_err(|err| set_resource::Error::Attributes {
-                source: err,
-                kind,
-                rela_path: rela_path.to_owned(),
-            })?;
+        let entry =
+            self.attr_stack
+                .at_entry(rela_path, None, objects)
+                .map_err(|err| set_resource::Error::Attributes {
+                    source: err,
+                    kind,
+                    rela_path: rela_path.to_owned(),
+                })?;
         let mut buf = Vec::new();
         let out = self.filter.convert_to_diffable(
             &id,

gix-diff/src/blob/platform.rs

@@ -507,7 +507,7 @@ pub(crate) mod convert_to_diffable {
         assert_eq!(out.data, Some(pipeline::Data::Binary { size: 11 }));
         assert_eq!(buf.len(), 0, "buffers are cleared even if we read them");
 
-        let platform = attributes.at_entry("c", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("c", None, &gix_object::find::Never)?;
 
         let id = db.insert("b");
         let out = filter.convert_to_diffable(
@@ -589,7 +589,7 @@ pub(crate) mod convert_to_diffable {
         let mut db = ObjectDb::default();
         let null = gix_hash::Kind::Sha1.null();
         let mut buf = Vec::new();
-        let platform = attributes.at_entry("a", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("a", None, &gix_object::find::Never)?;
         let worktree_modes = [
             pipeline::Mode::ToWorktreeAndBinaryToText,
             pipeline::Mode::ToGitUnlessBinaryToTextIsPresent,
@@ -672,7 +672,7 @@ pub(crate) mod convert_to_diffable {
             "no filter was applied in this mode, also when using the ODB"
         );
 
-        let platform = attributes.at_entry("missing", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("missing", None, &gix_object::find::Never)?;
         for mode in all_modes {
             buf.push(1);
             let out = filter.convert_to_diffable(
@@ -731,7 +731,7 @@ pub(crate) mod convert_to_diffable {
             );
         }
 
-        let platform = attributes.at_entry("b", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("b", None, &gix_object::find::Never)?;
         for mode in all_modes {
             buf.push(1);
             let out = filter.convert_to_diffable(
@@ -781,7 +781,7 @@ pub(crate) mod convert_to_diffable {
             assert_eq!(buf.len(), 0, "it's always cleared before any potential use");
         }
 
-        let platform = attributes.at_entry("c", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("c", None, &gix_object::find::Never)?;
         for mode in worktree_modes {
             let out = filter.convert_to_diffable(
                 &null,
@@ -827,7 +827,7 @@ pub(crate) mod convert_to_diffable {
             );
         }
 
-        let platform = attributes.at_entry("unset", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("unset", None, &gix_object::find::Never)?;
         for mode in all_modes {
             let out = filter.convert_to_diffable(
                 &null,
@@ -879,7 +879,7 @@ pub(crate) mod convert_to_diffable {
             assert_eq!(buf.len(), 0);
         }
 
-        let platform = attributes.at_entry("d", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("d", None, &gix_object::find::Never)?;
         let id = db.insert("d-in-db");
         for mode in worktree_modes {
             let out = filter.convert_to_diffable(
@@ -923,7 +923,7 @@ pub(crate) mod convert_to_diffable {
             );
         }
 
-        let platform = attributes.at_entry("e-no-attr", Some(false), &gix_object::find::Never)?;
+        let platform = attributes.at_entry("e-no-attr", None, &gix_object::find::Never)?;
         let out = filter.convert_to_diffable(
             &null,
             EntryKind::Blob,