commit 0458faa502e9992a4305bfbb282fbee344d505bf
author Mike Frysinger <vapier@google.com> Wed Mar 10 23:35:44 2021 -0500
committer Mike Frysinger <vapier@google.com> Fri Mar 12 16:31:14 2021 +0000
tree a91a10bd124b06c55c3a8ca522143d810070d1a6
parent 68d5d4dfe5375be53f935c8b72060a56801dda24

manifest: allow toplevel project checkouts

Re-allow checking out projects to the top of the repo client checkout.
We add checks to prevent checking out files under .repo/ as that path
is only managed by us, and projects cannot inject content or settings
into it.

Bug: https://crbug.com/gerrit/14156
Bug: https://crbug.com/gerrit/14200
Change-Id: Id6bf9e882f5be748442b2c35bbeaee3549410b25
Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/299623
Reviewed-by: Michael Mortensen <mmortensen@google.com>
Tested-by: Mike Frysinger <vapier@google.com>

manifest_xml.py

diff --git a/manifest_xml.py b/manifest_xml.py
index 6d8fca1..d67ba72 100644
--- a/manifest_xml.py
+++ b/manifest_xml.py
@@ -1039,7 +1039,8 @@
     if not path:
       path = name
     else:
-      msg = self._CheckLocalPath(path, dir_ok=True)
+      # NB: The "." project is handled specially in Project.Sync_LocalHalf.
+      msg = self._CheckLocalPath(path, dir_ok=True, cwd_dot_ok=True)
       if msg:
         raise ManifestInvalidPathError(
             '<project> invalid "path": %s: %s' % (path, msg))
@@ -1227,7 +1228,9 @@
     # our constructed logic here.  Especially since manifest authors only use
     # / in their paths.
     resep = re.compile(r'[/%s]' % re.escape(os.path.sep))
-    parts = resep.split(path)
+    # Strip off trailing slashes as those only produce '' elements, and we use
+    # parts to look for individual bad components.
+    parts = resep.split(path.rstrip('/'))
 
     # Some people use src="." to create stable links to projects.  Lets allow
     # that but reject all other uses of "." to keep things simple.