Test: Git - handling unsafe repositories #167413

Closed
2 tasks done
lszomoru opened this issue Nov 28, 2022 · 2 comments
@lszomoru
Member

lszomoru commented Nov 28, 2022

Refs: #157159

Complexity: 3


git 2.35.2 has introduced a change in behaviour so that no git commands can be executed against a repository that is owned by a user other than the current user. This change in behaviour was a response to a potential security vulnerability. You can read more about it here - https://github.blog/2022-04-12-git-security-vulnerability-announced/#cve-2022-24765.

Pre-requisites

  • Ensure that you have the latest version of Git for Windows installed.
  • Ensure that you have the git.autoRepositoryDetection set to true.

Single repository

  • Open a Windows Terminal as Administrator, and create a new folder called "scenario1"
  • Inside the "scenario1" folder, run git clone https://github.com/microsoft/vscode.git
  • Open a Windows Terminal as the current user, and navigate to "scenario1/vscode" folder
  • Execute git status
    • Confirm that you are getting an error about dubious folder ownership
  • Open VS Code Insiders, and open the "scenario1/vscode" folder
  • Switch to the "Source Control" view
    • Confirm that a welcome view is shown and review the message for clarity.
  • Click on the "Open Repository" button
    • Confirm that the repository is successfully opened

Multiple repositories

  • Open a Windows Terminal as Administrator, and create a new folder called "scenario2"
  • Inside the "scenario2" folder, run git clone https://github.com/microsoft/vscode.git vscode1
  • Inside the "scenario2" folder, run git clone https://github.com/microsoft/vscode.git vscode2
  • Open VS Code Insiders, and open the "scenario2" folder
  • Switch to the "Source Control" view
    • Confirm that a welcome view is shown and review the message for clarity.
  • Click on the "Open Repositories" button
    • Confirm that a quick pick opens listing both repositories
    • Click on "All Repositories" and confirm that both repositories are opened

Mixed repositories

  • Open a Windows Terminal as Administrator, and create a new folder called "scenario3"
  • Inside the "scenario3" folder, run git clone https://github.com/microsoft/vscode.git vscode1
  • Open a Windows Terminal as the current user, and navigate to "scenario3" folder
  • Inside the "scenario3" folder, run git clone https://github.com/microsoft/vscode.git vscode2
  • Open VS Code Insiders, and open the "scenario3" folder
  • Switch to the "Source Control" view
    • Confirm that the "vscode2" repository is opened
    • Confirm that a notification is shown for the "vscode1" repository
  • Click the "Open Repository" button in the notification
    • Confirm that the "vscode1" repository is opened
@lszomoru lszomoru added this to the November 2022 milestone Nov 28, 2022
@ghost ghost assigned bpasero and gregvanl Nov 29, 2022
@bpasero bpasero removed their assignment Nov 29, 2022
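A scripted form of the "Confirm that you are getting an error about dubious folder ownership" check, run over a folder of clones such as "scenario3". This is an added example, not part of the original issue or of VS Code's code. The two stderr wordings matched are assumptions about what git prints, and `unsafe_repo_path` and `classify` are hypothetical names.

```python
import os
import re
import subprocess
import sys
from pathlib import Path

# Assumed stderr wording of git's ownership check: newer releases, then 2.35.2-era.
_UNSAFE = re.compile(
    r"^fatal: (?:detected dubious ownership in repository at '(?P<new>.+)'"
    r"|unsafe repository \('(?P<old>.+)' is owned by someone else\))",
    re.MULTILINE,
)


def unsafe_repo_path(stderr):
    """Return the path git refused to open because of its owner, else None."""
    m = _UNSAFE.search(stderr)
    return (m.group("new") or m.group("old")) if m else None


def classify(folder):
    """Map each direct child repository of `folder` to safe / unsafe / error."""
    env = {**os.environ, "LC_ALL": "C"}  # keep git's messages untranslated
    result = {}
    for child in sorted(Path(folder).iterdir()):
        if not (child / ".git").exists():
            continue
        proc = subprocess.run(
            ["git", "-C", str(child), "rev-parse", "--git-dir"],
            capture_output=True, text=True, env=env,
        )
        if proc.returncode == 0:
            result[child.name] = "safe"
        elif unsafe_repo_path(proc.stderr):
            result[child.name] = "unsafe"  # owned by another user, not trusted
        else:
            result[child.name] = "error"   # failed for an unrelated reason
    return result


if __name__ == "__main__":
    # Usage (constructed): python check_repos.py scenario3
    for name, state in classify(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{state:7} {name}")
```

In the mixed scenario the expected outcome is "vscode1" reported as unsafe and "vscode2" as safe.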
@bpasero
Member

bpasero commented Nov 29, 2022

Nice steps 👍 . I once had a case where the SCM view would appear entirely empty, but was not able to reproduce later on.

@gregvanl

gregvanl commented Nov 29, 2022

Agree, very clear steps 👍
I do see the empty SCM view case for the mixed repository case

@gregvanl gregvanl removed their assignment Nov 29, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Jan 13, 2023