git: Add strict checks for supported extensions

pjbgf · pjbgf · commit 8e71edfdc167 · 2026-02-24T12:35:37.000Z
The upstream Git enforces fail-safe heuristics to ensure that older git versions will avoid handling repositories using extensions they are unaware of. The logic is largely based on the value of core.repositoryformatversion. As per official Git docs: > This version specifies the rules for operating on the on-disk repository data. > An implementation of git which does not understand a particular version > advertised by an on-disk repository MUST NOT operate on that repository; > doing so risks not only producing wrong results, but actually losing data. Now go-git will ensure that: - The git.Open logic will verify and enforces the extension support rules. - go-git will keep track of built-in extensions that it supports. This is a breaking change and it will force go-git to not be able to open repositories that it in fact doesn't really support. Conversaly, the error messages will be more useful (e.g. unknown extension vs object not found). Upstream refs: - https://git-scm.com/docs/git-config#Documentation/git-config.txt-extensions - https://git-scm.com/docs/gitrepository-layout#_git_repository_format_versions Signed-off-by: Paulo Gomes <pjbgf@linux.com>
diff --git a/repository.go b/repository.go
@@ -208,6 +208,12 @@ func Open(s storage.Storer, worktree billy.Filesystem) (*Repository, error) {
 		return nil, ErrRepositoryNotExists
 	}
 
+	cfg, err := s.Config()
+	if err != nil {
+		return nil, err
+	}
+
+	err = verifyExtensions(s, cfg)
 	if err != nil {
 		return nil, err
 	}
diff --git a/repository_extensions.go b/repository_extensions.go
@@ -0,0 +1,121 @@
+package git
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/go-git/go-git/v5/config"
+	cfgformat "github.com/go-git/go-git/v5/plumbing/format/config"
+	"github.com/go-git/go-git/v5/storage"
+)
+
+var (
+	// ErrUnsupportedExtensionRepositoryFormatVersion represents when an
+	// extension being used is not compatible with the repository's
+	// core.repositoryFormatVersion.
+	ErrUnsupportedExtensionRepositoryFormatVersion = errors.New("core.repositoryformatversion does not support extension")
+
+	// ErrUnsupportedRepositoryFormatVersion represents when an repository
+	// is using a format version that is not supported.
+	ErrUnsupportedRepositoryFormatVersion = errors.New("core.repositoryformatversion not supported")
+
+	// ErrUnknownExtension represents when a repository has an extension
+	// which is unknown or unsupported by go-git.
+	ErrUnknownExtension = errors.New("unknown extension")
+
+	// builtinExtensions defines the Git extensions that are supported by
+	// the core go-git implementation.
+	//
+	// Some extensions are storage-specific, those are defined by the Storers
+	// themselves by implementing the ExtensionChecker interface.
+	builtinExtensions = map[string]struct{}{
+		// noop does not change git’s behavior at all.
+		// It is useful only for testing format-1 compatibility.
+		//
+		// This extension is respected regardless of the
+		// core.repositoryFormatVersion setting.
+		"noop": {},
+
+		// noop-v1 does not change git’s behavior at all.
+		// It is useful only for testing format-1 compatibility.
+		"noop-v1": {},
+	}
+
+	// Some Git extensions were supported upstream before the introduction
+	// of repositoryformatversion. These are the only extensions that can be
+	// enabled while core.repositoryformatversion is unset or set to 0.
+	extensionsValidForV0 = map[string]struct{}{
+		"noop":            {},
+		"partialClone":    {},
+		"preciousObjects": {},
+		"worktreeConfig":  {},
+	}
+)
+
+type extension struct {
+	name  string
+	value string
+}
+
+func extensions(cfg *config.Config) []extension {
+	if cfg == nil || cfg.Raw == nil {
+		return nil
+	}
+
+	if !cfg.Raw.HasSection("extensions") {
+		return nil
+	}
+
+	section := cfg.Raw.Section("extensions")
+	out := make([]extension, 0, len(section.Options))
+	for _, opt := range section.Options {
+		out = append(out, extension{name: strings.ToLower(opt.Key), value: strings.ToLower(opt.Value)})
+	}
+
+	return out
+}
+
+func verifyExtensions(st storage.Storer, cfg *config.Config) error {
+	needed := extensions(cfg)
+
+	switch cfg.Core.RepositoryFormatVersion {
+	case "", cfgformat.Version_0, cfgformat.Version_1:
+	default:
+		return fmt.Errorf("%w: %q",
+			ErrUnsupportedRepositoryFormatVersion,
+			cfg.Core.RepositoryFormatVersion)
+	}
+
+	if len(needed) > 0 {
+		if cfg.Core.RepositoryFormatVersion == cfgformat.Version_0 ||
+			cfg.Core.RepositoryFormatVersion == "" {
+			var unsupported []string
+			for _, ext := range needed {
+				if _, ok := extensionsValidForV0[ext.name]; !ok {
+					unsupported = append(unsupported, ext.name)
+				}
+			}
+			if len(unsupported) > 0 {
+				return fmt.Errorf("%w: %s",
+					ErrUnsupportedExtensionRepositoryFormatVersion,
+					strings.Join(unsupported, ", "))
+			}
+		}
+
+		var missing []string
+		for _, ext := range needed {
+			if _, ok := builtinExtensions[ext.name]; ok {
+				continue
+			}
+
+			missing = append(missing, ext.name)
+		}
+
+		if len(missing) > 0 {
+			return fmt.Errorf("%w: %s", ErrUnknownExtension, strings.Join(missing, ", "))
+		}
+	}
+
+	return nil
+}
diff --git a/repository_extensions_test.go b/repository_extensions_test.go
@@ -0,0 +1,97 @@
+package git
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/go-git/go-git/v5/config"
+	formatcfg "github.com/go-git/go-git/v5/plumbing/format/config"
+	"github.com/go-git/go-git/v5/storage/memory"
+)
+
+func TestVerifyExtensions(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		setup   func(*testing.T, *config.Config)
+		wantErr string
+	}{
+		{
+			name: "repositoryformatversion=0: invalid extension",
+			setup: func(t *testing.T, cfg *config.Config) {
+				cfg.Core.RepositoryFormatVersion = formatcfg.Version_0
+				cfg.Raw.Section("extensions").SetOption("unknown", "foo")
+				cfg.Raw.Section("extensions").SetOption("objectformat", "sha1")
+			},
+			wantErr: "repositoryformatversion does not support extension: unknown, objectformat",
+		},
+		{
+			name: "repositoryformatversion=0: allows supported noop",
+			setup: func(t *testing.T, cfg *config.Config) {
+				cfg.Core.RepositoryFormatVersion = formatcfg.Version_0
+				cfg.Raw.Section("extensions").SetOption("noop", "bar")
+			},
+		},
+		{
+			name: "repositoryformatversion='': allows supported noop",
+			setup: func(t *testing.T, cfg *config.Config) {
+				cfg.Raw.Section("extensions").SetOption("noop", "bar")
+			},
+		},
+		{
+			name: "repositoryformatversion=1: rejects unknown extensions",
+			setup: func(t *testing.T, cfg *config.Config) {
+				cfg.Core.RepositoryFormatVersion = formatcfg.Version_1
+				cfg.Raw.Section("extensions").SetOption("unknownext", "true")
+			},
+			wantErr: "unknown extension: unknownext",
+		},
+		{
+			name: "repositoryformatversion=1: allows known extension",
+			setup: func(t *testing.T, cfg *config.Config) {
+				cfg.Core.RepositoryFormatVersion = formatcfg.Version_1
+				cfg.Raw.Section("extensions").SetOption("NOOP", "foo")
+				cfg.Raw.Section("extensions").SetOption("noop-v1", "bar")
+			},
+		},
+		{
+			name: "repositoryformatversion=1: rejects objectformat=sha1", // not supported in go-git/v5
+			setup: func(t *testing.T, cfg *config.Config) {
+				cfg.Core.RepositoryFormatVersion = formatcfg.Version_1
+				cfg.Raw.Section("extensions").SetOption("objectformat", "sha1")
+			},
+			wantErr: "unknown extension: objectformat",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			st := memory.NewStorage()
+
+			r, err := Init(st, nil)
+			require.NoError(t, err)
+			require.NotNil(t, r)
+
+			cfg, err := st.Config()
+			require.NoError(t, err)
+
+			tt.setup(t, cfg)
+			require.NoError(t, st.SetConfig(cfg))
+
+			r, err = Open(st, nil)
+			if tt.wantErr != "" {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tt.wantErr)
+				assert.Nil(t, r)
+			} else {
+				require.NoError(t, err)
+				assert.NotNil(t, r)
+			}
+		})
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -208,6 +208,12 @@ func Open(s storage.Storer, worktree billy.Filesystem) (*Repository, error) {`
`208`	`208`	`return nil, ErrRepositoryNotExists`
`209`	`209`	`}`
`210`	`210`
	`211`	`+ cfg, err := s.Config()`
	`212`	`+ if err != nil {`
	`213`	`+ return nil, err`
	`214`	`+ }`
	`215`	`+`
	`216`	`+ err = verifyExtensions(s, cfg)`
`211`	`217`	`if err != nil {`
`212`	`218`	`return nil, err`
`213`	`219`	`}`