@bittrance
Created July 9, 2021 20:09
Malicious actor replacing upstream does not faze Git

Some evil haxxor replaced upstream!

Repo iteration 1

[21:41] mkdir repo
[21:41] cd repo/
[21:41] git init .
Initialized empty Git repository in /Users/bittrance/tmp/repo/.git/
[21:41] echo 1 > ze-file
[21:41] git add ze-file
[21:42] git commit -m 'Commit 1'
[master (root-commit) 4445377] Commit 1
 1 file changed, 1 insertion(+)
 create mode 100644 ze-file
[21:42] echo 2 > ze-file
[21:43] git commit -m 'Commit 2' ze-file
[master 361012f] Commit 2
 1 file changed, 1 insertion(+), 1 deletion(-)

Check it out

[21:43] cd ../
[21:44] git clone ./repo/ ./checkout
Cloning into './checkout'...
done.
[21:44] cd checkout/
[21:44] cat ze-file
2

Repo iteration 2

[21:44] cd ../repo/
[21:44] rm -rf .git/ ze-file
[21:44] git init .
Initialized empty Git repository in /Users/bittrance/tmp/repo/.git/
[21:44] echo 3 > ze-file
[21:45] git add ze-file
[21:45] git commit -m 'Commit 3' ze-file
[master (root-commit) 0be964f] Commit 3
 1 file changed, 1 insertion(+)
 create mode 100644 ze-file
[21:45] echo 4 > ze-file
[21:45] git commit -m 'Commit 4' ze-file
[master 1480d0d] Commit 4
 1 file changed, 1 insertion(+), 1 deletion(-)

Pull from iteration 2

[21:45] cd ../checkout/
[21:45] git pull origin
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (6/6), 401 bytes | 133.00 KiB/s, done.
From /Users/bittrance/tmp/./repo
 + 361012f...1480d0d master     -> origin/master  (forced update)
Successfully rebased and updated refs/heads/master.
[21:46] cat ze-file
4
[21:49] git log --oneline
1480d0d (HEAD -> master, origin/master, origin/HEAD) Commit 4
0be964f Commit 3

Oh no, we've been pwned!

Repair it

[21:57] git log --oneline --reflog
1480d0d (HEAD -> master, origin/master, origin/HEAD) Commit 4
0be964f Commit 3
361012f Commit 2
4445377 Commit 1
[22:04] git checkout -b old-master
Switched to a new branch 'old-master'
[22:05] git branch -f master 361012f
[22:05] git checkout master
Switched to branch 'master'
Your branch and 'origin/master' have diverged,
and have 2 and 2 different commits each, respectively.
  (use "git pull" to merge the remote branch into yours)
[22:05] git log --oneline
361012f (HEAD -> master) Commit 2
4445377 Commit 1
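
As an added example (not part of the original gist), the check below catches the `(forced update)` case before anything is integrated: it fetches, uses `git merge-base --is-ancestor` to confirm that the previous `origin/master` tip is still an ancestor of the new one, and only then fast-forwards. The function names `check_upstream`, `commit`, `new_repo` and `scenario`, the temporary directory and the demo identity are assumptions made for the illustration.

```shell
#!/bin/sh
# check_upstream REMOTE BRANCH   (run inside a checkout)
# Fetches, then compares the previous remote-tracking tip with the new one.
# Returns 0 if unchanged or fast-forwarded, 1 if history was replaced, 2 on error.
check_upstream() {
    ref="refs/remotes/$1/$2"
    old=$(git rev-parse --verify -q "$ref") || return 2
    git fetch -q "$1" || return 2
    new=$(git rev-parse --verify -q "$ref") || return 2
    [ "$old" = "$new" ] && return 0
    git merge-base --is-ancestor "$old" "$new" && return 0   # ordinary fast-forward
    echo "REFUSING: $ref moved from $old to non-descendant $new" >&2
    return 1
}

# --- Constructed scenario mirroring the gist; paths and identity are made up ---
commit() {    # commit VALUE: write VALUE to ze-file and commit it
    echo "$1" > ze-file && git add ze-file &&
        git -c user.name=demo -c user.email=demo@example.invalid commit -q -m "Commit $1"
}
new_repo() {  # new_repo A B: (re)create ./repo with commits A and B on master
    rm -rf repo && mkdir repo && ( cd repo && git init -q . &&
        git symbolic-ref HEAD refs/heads/master && commit "$1" && commit "$2" )
}
# scenario replace|append: prints "<check_upstream status> <ze-file in checkout>"
scenario() (
    work=$(mktemp -d) && cd "$work" || exit 3
    new_repo 1 2 && git clone -q ./repo ./checkout || exit 3
    case $1 in
        replace) new_repo 3 4 ;;             # upstream swapped for unrelated history
        append)  ( cd repo && commit 3 ) ;;  # ordinary new commit on top
    esac || exit 3
    cd checkout || exit 3
    status=0
    check_upstream origin master 2>/dev/null || status=$?
    # Integrate only when the remote history still contains what we had before.
    [ "$status" -eq 0 ] && git merge -q --ff-only origin/master >/dev/null
    echo "$status $(cat ze-file)"
    cd / && rm -rf "$work"
)

scenario replace   # prints "1 2": rewrite detected, working tree left at Commit 2
scenario append    # prints "0 3": normal fast-forward is integrated
```

In the gist's situation `git pull --ff-only` would also have refused, since the local `master` and the replaced `origin/master` share no history.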
@bittrance
Author

Also, the reflog tracks the history of branches, so if the malicious actor replaced multiple branches, you can reset them from their previous state.

[21:50] git reflog
1480d0d (origin/master, origin/HEAD, old-master) HEAD@{2}: pull origin (finish): returning to refs/heads/master
1480d0d (origin/master, origin/HEAD, old-master) HEAD@{3}: pull origin (start): checkout 1480d0d518b8ac9085f10f0b6462fb36e98c926b
361012f (HEAD -> master) HEAD@{4}: clone: from /Users/bittrance/tmp/./repo/
