# Test routines for checking protocol disabling.

# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
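test_whitelist () {
	# Arguments:
	#   $1 - description used in the test titles
	#   $2 - protocol name placed in GIT_ALLOW_PROTOCOL
	#   $3 - URL to clone from
	# These are plain (non-local) shell variables: the single-quoted test
	# bodies below reference $proto and $url, so the names must still be
	# set when test_expect_success evaluates each body.
	desc=$1
	proto=$2
	url=$3

	# Positive control: with the protocol listed in GIT_ALLOW_PROTOCOL,
	# clone, fetch and push must all succeed. Each body runs in a
	# subshell so the exported variable does not leak into later tests.
	# fetch and push reuse the tmp.git created by the clone test.
	test_expect_success "clone $desc (enabled)" '
		rm -rf tmp.git &&
		(
			GIT_ALLOW_PROTOCOL=$proto &&
			export GIT_ALLOW_PROTOCOL &&
			git clone --bare "$url" tmp.git
		)
	'

	test_expect_success "fetch $desc (enabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=$proto &&
			export GIT_ALLOW_PROTOCOL &&
			git fetch
		)
	'

	test_expect_success "push $desc (enabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=$proto &&
			export GIT_ALLOW_PROTOCOL &&
			git push origin HEAD:pushed
		)
	'

	# Negative cases: GIT_ALLOW_PROTOCOL=none lists none of the protocols
	# exercised here, so every transport operation must be refused.
	# push and fetch run first because they need the existing tmp.git;
	# the clone case removes it.
	# NOTE(review): test_must_fail accepts any ordinary failing exit, so
	# these cases do not by themselves prove that the refusal came from
	# the protocol policy; the enabled cases above serve as the control.
	test_expect_success "push $desc (disabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git push origin HEAD:pushed
		)
	'

	test_expect_success "fetch $desc (disabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git fetch
		)
	'

	test_expect_success "clone $desc (disabled)" '
		rm -rf tmp.git &&
		(
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git clone --bare "$url" tmp.git
		)
	'

	# The environment variable must win over configuration: neither
	# protocol.allow=always nor protocol.<proto>.allow=always given with
	# -c may re-enable a protocol that GIT_ALLOW_PROTOCOL excludes.
	test_expect_success "clone $desc (env var has precedence)" '
		rm -rf tmp.git &&
		(
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&
			test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
		)
	'
}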
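test_config () {
	# Arguments:
	#   $1 - description used in the test titles
	#   $2 - protocol name used in the protocol.<name>.allow config key
	#   $3 - URL to clone from
	# The single-quoted test bodies reference $proto and $url, so these
	# plain shell variables must still be set when test_expect_success
	# evaluates each body.
	#
	# Every title names the mechanism under test, so a failing case can
	# be attributed to one policy knob from the title alone.
	desc=$1
	proto=$2
	url=$3

	# Test clone/fetch/push with protocol.<type>.allow config
	# (allow=always must permit the operation, allow=never must refuse it).
	test_expect_success "clone $desc (enabled with config)" '
		rm -rf tmp.git &&
		git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
	'

	test_expect_success "fetch $desc (enabled with config)" '
		git -C tmp.git -c protocol.$proto.allow=always fetch
	'

	test_expect_success "push $desc (enabled with config)" '
		git -C tmp.git -c protocol.$proto.allow=always  push origin HEAD:pushed
	'

	# NOTE(review): test_must_fail accepts any ordinary failing exit; the
	# enabled cases above are what show the URL itself is usable.
	test_expect_success "push $desc (disabled with config)" '
		test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed
	'

	test_expect_success "fetch $desc (disabled with config)" '
		test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch
	'

	test_expect_success "clone $desc (disabled with config)" '
		rm -rf tmp.git &&
		test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git
	'

	# Test clone/fetch/push with protocol.user.allow and its env var:
	# with allow=user the operation succeeds while GIT_PROTOCOL_FROM_USER
	# is left as inherited, and must fail once it is set to 0.
	test_expect_success "clone $desc (enabled with allow=user)" '
		rm -rf tmp.git &&
		git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
	'

	test_expect_success "fetch $desc (enabled with allow=user)" '
		git -C tmp.git -c protocol.$proto.allow=user fetch
	'

	test_expect_success "push $desc (enabled with allow=user)" '
		git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed
	'

	# The subshell keeps the exported GIT_PROTOCOL_FROM_USER=0 from
	# leaking into later tests.
	test_expect_success "push $desc (disabled with allow=user and GIT_PROTOCOL_FROM_USER=0)" '
		(
			cd tmp.git &&
			GIT_PROTOCOL_FROM_USER=0 &&
			export GIT_PROTOCOL_FROM_USER &&
			test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed
		)
	'

	test_expect_success "fetch $desc (disabled with allow=user and GIT_PROTOCOL_FROM_USER=0)" '
		(
			cd tmp.git &&
			GIT_PROTOCOL_FROM_USER=0 &&
			export GIT_PROTOCOL_FROM_USER &&
			test_must_fail git -c protocol.$proto.allow=user fetch
		)
	'

	test_expect_success "clone $desc (disabled with allow=user and GIT_PROTOCOL_FROM_USER=0)" '
		rm -rf tmp.git &&
		(
			GIT_PROTOCOL_FROM_USER=0 &&
			export GIT_PROTOCOL_FROM_USER &&
			test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
		)
	'

	# Test clone/fetch/push with protocol.allow user defined default.
	# test_config_global is a harness helper defined outside this file;
	# it is re-applied in every test body, presumably because the setting
	# does not outlive a single test (confirm against the harness).
	test_expect_success "clone $desc (enabled with protocol.allow default)" '
		rm -rf tmp.git &&
		test_config_global protocol.allow always &&
		git clone --bare "$url" tmp.git
	'

	test_expect_success "fetch $desc (enabled with protocol.allow default)" '
		test_config_global protocol.allow always &&
		git -C tmp.git fetch
	'

	test_expect_success "push $desc (enabled with protocol.allow default)" '
		test_config_global protocol.allow always &&
		git -C tmp.git push origin HEAD:pushed
	'

	test_expect_success "push $desc (disabled with protocol.allow default)" '
		test_config_global protocol.allow never &&
		test_must_fail git -C tmp.git push origin HEAD:pushed
	'

	test_expect_success "fetch $desc (disabled with protocol.allow default)" '
		test_config_global protocol.allow never &&
		test_must_fail git -C tmp.git fetch
	'

	test_expect_success "clone $desc (disabled with protocol.allow default)" '
		rm -rf tmp.git &&
		test_config_global protocol.allow never &&
		test_must_fail git clone --bare "$url" tmp.git
	'
}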
# test cloning a particular protocol
#   $1 - description of the protocol
#   $2 - machine-readable name of the protocol
#   $3 - the URL to try cloning
test_proto () {
	# Run both policy suites with the caller's arguments unchanged:
	# first the GIT_ALLOW_PROTOCOL checks, then the protocol.*.allow
	# configuration checks. The exit status is that of the last suite.
	for suite in test_whitelist test_config
	do
		"$suite" "$@"
	done
}
# set up an ssh wrapper that will access $host/$repo in the
# trash directory, and enable it for subsequent tests.
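setup_ssh_wrapper () {
	# The generated ssh-wrapper stands in for ssh: it logs its arguments
	# to stderr, takes the first argument as the host, changes into
	# $TRASH_DIRECTORY/<host> and evals the remaining arguments as the
	# "remote" command. The test body then points GIT_SSH at the wrapper
	# and exports GIT_SSH and TRASH_DIRECTORY.
	#
	# NOTE(review): eval "$*" runs whatever command string git passes to
	# the wrapper, and $host is used as a path component unvalidated.
	# Both are tolerable only because the URLs come from the test
	# scripts themselves; this is a test fixture, not a usable ssh
	# replacement.
	test_expect_success 'setup ssh wrapper' '
		write_script ssh-wrapper <<-\EOF &&
		echo >&2 "ssh: $*"
		host=$1; shift
		cd "$TRASH_DIRECTORY/$host" &&
		eval "$*"
		EOF
		GIT_SSH="$PWD/ssh-wrapper" &&
		export GIT_SSH &&
		export TRASH_DIRECTORY
	'
}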
# set up a wrapper that can be used with remote-ext to
# access repositories in the "remote" directory of trash-dir,
# like "ext::fake-remote %S repo.git"
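setup_ext_wrapper () {
	# The generated fake-remote script logs its arguments to stderr,
	# changes into $TRASH_DIRECTORY/remote and evals its arguments as the
	# command to run there. The test body prepends $TRASH_DIRECTORY to
	# PATH so the script can be found by name, and exports
	# TRASH_DIRECTORY for the script to read.
	#
	# NOTE(review): eval "$*" runs whatever command line the ext:: URL
	# supplies, and a test-writable directory is placed first in PATH.
	# Both are tolerable only inside the test harness, where the URLs
	# and the trash directory are controlled by the test scripts.
	test_expect_success 'setup ext wrapper' '
		write_script fake-remote <<-\EOF &&
		echo >&2 "fake-remote: $*"
		cd "$TRASH_DIRECTORY/remote" &&
		eval "$*"
		EOF
		PATH=$TRASH_DIRECTORY:$PATH &&
		export TRASH_DIRECTORY
	'
}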