You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
220 lines
5.3 KiB
220 lines
5.3 KiB
# Test routines for checking protocol disabling. |
|
|
|
# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist |
|
test_whitelist () { |
|
desc=$1 |
|
proto=$2 |
|
url=$3 |
|
|
|
test_expect_success "clone $desc (enabled)" ' |
|
rm -rf tmp.git && |
|
( |
|
GIT_ALLOW_PROTOCOL=$proto && |
|
export GIT_ALLOW_PROTOCOL && |
|
git clone --bare "$url" tmp.git |
|
) |
|
' |
|
|
|
test_expect_success "fetch $desc (enabled)" ' |
|
( |
|
cd tmp.git && |
|
GIT_ALLOW_PROTOCOL=$proto && |
|
export GIT_ALLOW_PROTOCOL && |
|
git fetch |
|
) |
|
' |
|
|
|
test_expect_success "push $desc (enabled)" ' |
|
( |
|
cd tmp.git && |
|
GIT_ALLOW_PROTOCOL=$proto && |
|
export GIT_ALLOW_PROTOCOL && |
|
git push origin HEAD:pushed |
|
) |
|
' |
|
|
|
test_expect_success "push $desc (disabled)" ' |
|
( |
|
cd tmp.git && |
|
GIT_ALLOW_PROTOCOL=none && |
|
export GIT_ALLOW_PROTOCOL && |
|
test_must_fail git push origin HEAD:pushed |
|
) |
|
' |
|
|
|
test_expect_success "fetch $desc (disabled)" ' |
|
( |
|
cd tmp.git && |
|
GIT_ALLOW_PROTOCOL=none && |
|
export GIT_ALLOW_PROTOCOL && |
|
test_must_fail git fetch |
|
) |
|
' |
|
|
|
test_expect_success "clone $desc (disabled)" ' |
|
rm -rf tmp.git && |
|
( |
|
GIT_ALLOW_PROTOCOL=none && |
|
export GIT_ALLOW_PROTOCOL && |
|
test_must_fail git clone --bare "$url" tmp.git |
|
) |
|
' |
|
|
|
test_expect_success "clone $desc (env var has precedence)" ' |
|
rm -rf tmp.git && |
|
( |
|
GIT_ALLOW_PROTOCOL=none && |
|
export GIT_ALLOW_PROTOCOL && |
|
test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git && |
|
test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git |
|
) |
|
' |
|
} |
|
|
|
test_config () { |
|
desc=$1 |
|
proto=$2 |
|
url=$3 |
|
|
|
# Test clone/fetch/push with protocol.<type>.allow config |
|
test_expect_success "clone $desc (enabled with config)" ' |
|
rm -rf tmp.git && |
|
git -c protocol.$proto.allow=always clone --bare "$url" tmp.git |
|
' |
|
|
|
test_expect_success "fetch $desc (enabled)" ' |
|
git -C tmp.git -c protocol.$proto.allow=always fetch |
|
' |
|
|
|
test_expect_success "push $desc (enabled)" ' |
|
git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed |
|
' |
|
|
|
test_expect_success "push $desc (disabled)" ' |
|
test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed |
|
' |
|
|
|
test_expect_success "fetch $desc (disabled)" ' |
|
test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch |
|
' |
|
|
|
test_expect_success "clone $desc (disabled)" ' |
|
rm -rf tmp.git && |
|
test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git |
|
' |
|
|
|
# Test clone/fetch/push with protocol.user.allow and its env var |
|
test_expect_success "clone $desc (enabled)" ' |
|
rm -rf tmp.git && |
|
git -c protocol.$proto.allow=user clone --bare "$url" tmp.git |
|
' |
|
|
|
test_expect_success "fetch $desc (enabled)" ' |
|
git -C tmp.git -c protocol.$proto.allow=user fetch |
|
' |
|
|
|
test_expect_success "push $desc (enabled)" ' |
|
git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed |
|
' |
|
|
|
test_expect_success "push $desc (disabled)" ' |
|
( |
|
cd tmp.git && |
|
GIT_PROTOCOL_FROM_USER=0 && |
|
export GIT_PROTOCOL_FROM_USER && |
|
test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed |
|
) |
|
' |
|
|
|
test_expect_success "fetch $desc (disabled)" ' |
|
( |
|
cd tmp.git && |
|
GIT_PROTOCOL_FROM_USER=0 && |
|
export GIT_PROTOCOL_FROM_USER && |
|
test_must_fail git -c protocol.$proto.allow=user fetch |
|
) |
|
' |
|
|
|
test_expect_success "clone $desc (disabled)" ' |
|
rm -rf tmp.git && |
|
( |
|
GIT_PROTOCOL_FROM_USER=0 && |
|
export GIT_PROTOCOL_FROM_USER && |
|
test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git |
|
) |
|
' |
|
|
|
# Test clone/fetch/push with protocol.allow user defined default |
|
test_expect_success "clone $desc (enabled)" ' |
|
rm -rf tmp.git && |
|
test_config_global protocol.allow always && |
|
git clone --bare "$url" tmp.git |
|
' |
|
|
|
test_expect_success "fetch $desc (enabled)" ' |
|
test_config_global protocol.allow always && |
|
git -C tmp.git fetch |
|
' |
|
|
|
test_expect_success "push $desc (enabled)" ' |
|
test_config_global protocol.allow always && |
|
git -C tmp.git push origin HEAD:pushed |
|
' |
|
|
|
test_expect_success "push $desc (disabled)" ' |
|
test_config_global protocol.allow never && |
|
test_must_fail git -C tmp.git push origin HEAD:pushed |
|
' |
|
|
|
test_expect_success "fetch $desc (disabled)" ' |
|
test_config_global protocol.allow never && |
|
test_must_fail git -C tmp.git fetch |
|
' |
|
|
|
test_expect_success "clone $desc (disabled)" ' |
|
rm -rf tmp.git && |
|
test_config_global protocol.allow never && |
|
test_must_fail git clone --bare "$url" tmp.git |
|
' |
|
} |
|
|
|
# test cloning a particular protocol |
|
# $1 - description of the protocol |
|
# $2 - machine-readable name of the protocol |
|
# $3 - the URL to try cloning |
|
test_proto () { |
|
test_whitelist "$@" |
|
|
|
test_config "$@" |
|
} |
|
|
|
# set up an ssh wrapper that will access $host/$repo in the |
|
# trash directory, and enable it for subsequent tests. |
|
setup_ssh_wrapper () { |
|
test_expect_success 'setup ssh wrapper' ' |
|
write_script ssh-wrapper <<-\EOF && |
|
echo >&2 "ssh: $*" |
|
host=$1; shift |
|
cd "$TRASH_DIRECTORY/$host" && |
|
eval "$*" |
|
EOF |
|
GIT_SSH="$PWD/ssh-wrapper" && |
|
export GIT_SSH && |
|
export TRASH_DIRECTORY |
|
' |
|
} |
|
|
|
# set up a wrapper that can be used with remote-ext to |
|
# access repositories in the "remote" directory of trash-dir, |
|
# like "ext::fake-remote %S repo.git" |
|
setup_ext_wrapper () { |
|
test_expect_success 'setup ext wrapper' ' |
|
write_script fake-remote <<-\EOF && |
|
echo >&2 "fake-remote: $*" |
|
cd "$TRASH_DIRECTORY/remote" && |
|
eval "$*" |
|
EOF |
|
PATH=$TRASH_DIRECTORY:$PATH && |
|
export TRASH_DIRECTORY |
|
' |
|
}
|
|
|