1b593e1ea4
git-subtree-dir: third_party/git git-subtree-split: cb715685942260375e1eb8153b0768a376e4ece7
220 lines
5.3 KiB
Bash
220 lines
5.3 KiB
Bash
# Test routines for checking protocol disabling.
|
|
|
|
# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
|
|
test_whitelist () {
|
|
desc=$1
|
|
proto=$2
|
|
url=$3
|
|
|
|
test_expect_success "clone $desc (enabled)" '
|
|
rm -rf tmp.git &&
|
|
(
|
|
GIT_ALLOW_PROTOCOL=$proto &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
git clone --bare "$url" tmp.git
|
|
)
|
|
'
|
|
|
|
test_expect_success "fetch $desc (enabled)" '
|
|
(
|
|
cd tmp.git &&
|
|
GIT_ALLOW_PROTOCOL=$proto &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
git fetch
|
|
)
|
|
'
|
|
|
|
test_expect_success "push $desc (enabled)" '
|
|
(
|
|
cd tmp.git &&
|
|
GIT_ALLOW_PROTOCOL=$proto &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
git push origin HEAD:pushed
|
|
)
|
|
'
|
|
|
|
test_expect_success "push $desc (disabled)" '
|
|
(
|
|
cd tmp.git &&
|
|
GIT_ALLOW_PROTOCOL=none &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
test_must_fail git push origin HEAD:pushed
|
|
)
|
|
'
|
|
|
|
test_expect_success "fetch $desc (disabled)" '
|
|
(
|
|
cd tmp.git &&
|
|
GIT_ALLOW_PROTOCOL=none &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
test_must_fail git fetch
|
|
)
|
|
'
|
|
|
|
test_expect_success "clone $desc (disabled)" '
|
|
rm -rf tmp.git &&
|
|
(
|
|
GIT_ALLOW_PROTOCOL=none &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
test_must_fail git clone --bare "$url" tmp.git
|
|
)
|
|
'
|
|
|
|
test_expect_success "clone $desc (env var has precedence)" '
|
|
rm -rf tmp.git &&
|
|
(
|
|
GIT_ALLOW_PROTOCOL=none &&
|
|
export GIT_ALLOW_PROTOCOL &&
|
|
test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&
|
|
test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
|
|
)
|
|
'
|
|
}
|
|
|
|
test_config () {
|
|
desc=$1
|
|
proto=$2
|
|
url=$3
|
|
|
|
# Test clone/fetch/push with protocol.<type>.allow config
|
|
test_expect_success "clone $desc (enabled with config)" '
|
|
rm -rf tmp.git &&
|
|
git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
|
|
'
|
|
|
|
test_expect_success "fetch $desc (enabled)" '
|
|
git -C tmp.git -c protocol.$proto.allow=always fetch
|
|
'
|
|
|
|
test_expect_success "push $desc (enabled)" '
|
|
git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed
|
|
'
|
|
|
|
test_expect_success "push $desc (disabled)" '
|
|
test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed
|
|
'
|
|
|
|
test_expect_success "fetch $desc (disabled)" '
|
|
test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch
|
|
'
|
|
|
|
test_expect_success "clone $desc (disabled)" '
|
|
rm -rf tmp.git &&
|
|
test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git
|
|
'
|
|
|
|
# Test clone/fetch/push with protocol.user.allow and its env var
|
|
test_expect_success "clone $desc (enabled)" '
|
|
rm -rf tmp.git &&
|
|
git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
|
|
'
|
|
|
|
test_expect_success "fetch $desc (enabled)" '
|
|
git -C tmp.git -c protocol.$proto.allow=user fetch
|
|
'
|
|
|
|
test_expect_success "push $desc (enabled)" '
|
|
git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed
|
|
'
|
|
|
|
test_expect_success "push $desc (disabled)" '
|
|
(
|
|
cd tmp.git &&
|
|
GIT_PROTOCOL_FROM_USER=0 &&
|
|
export GIT_PROTOCOL_FROM_USER &&
|
|
test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed
|
|
)
|
|
'
|
|
|
|
test_expect_success "fetch $desc (disabled)" '
|
|
(
|
|
cd tmp.git &&
|
|
GIT_PROTOCOL_FROM_USER=0 &&
|
|
export GIT_PROTOCOL_FROM_USER &&
|
|
test_must_fail git -c protocol.$proto.allow=user fetch
|
|
)
|
|
'
|
|
|
|
test_expect_success "clone $desc (disabled)" '
|
|
rm -rf tmp.git &&
|
|
(
|
|
GIT_PROTOCOL_FROM_USER=0 &&
|
|
export GIT_PROTOCOL_FROM_USER &&
|
|
test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
|
|
)
|
|
'
|
|
|
|
# Test clone/fetch/push with protocol.allow user defined default
|
|
test_expect_success "clone $desc (enabled)" '
|
|
rm -rf tmp.git &&
|
|
test_config_global protocol.allow always &&
|
|
git clone --bare "$url" tmp.git
|
|
'
|
|
|
|
test_expect_success "fetch $desc (enabled)" '
|
|
test_config_global protocol.allow always &&
|
|
git -C tmp.git fetch
|
|
'
|
|
|
|
test_expect_success "push $desc (enabled)" '
|
|
test_config_global protocol.allow always &&
|
|
git -C tmp.git push origin HEAD:pushed
|
|
'
|
|
|
|
test_expect_success "push $desc (disabled)" '
|
|
test_config_global protocol.allow never &&
|
|
test_must_fail git -C tmp.git push origin HEAD:pushed
|
|
'
|
|
|
|
test_expect_success "fetch $desc (disabled)" '
|
|
test_config_global protocol.allow never &&
|
|
test_must_fail git -C tmp.git fetch
|
|
'
|
|
|
|
test_expect_success "clone $desc (disabled)" '
|
|
rm -rf tmp.git &&
|
|
test_config_global protocol.allow never &&
|
|
test_must_fail git clone --bare "$url" tmp.git
|
|
'
|
|
}
|
|
|
|
# test cloning a particular protocol
|
|
# $1 - description of the protocol
|
|
# $2 - machine-readable name of the protocol
|
|
# $3 - the URL to try cloning
|
|
test_proto () {
|
|
test_whitelist "$@"
|
|
|
|
test_config "$@"
|
|
}
|
|
|
|
# set up an ssh wrapper that will access $host/$repo in the
|
|
# trash directory, and enable it for subsequent tests.
|
|
setup_ssh_wrapper () {
|
|
test_expect_success 'setup ssh wrapper' '
|
|
write_script ssh-wrapper <<-\EOF &&
|
|
echo >&2 "ssh: $*"
|
|
host=$1; shift
|
|
cd "$TRASH_DIRECTORY/$host" &&
|
|
eval "$*"
|
|
EOF
|
|
GIT_SSH="$PWD/ssh-wrapper" &&
|
|
export GIT_SSH &&
|
|
export TRASH_DIRECTORY
|
|
'
|
|
}
|
|
|
|
# set up a wrapper that can be used with remote-ext to
|
|
# access repositories in the "remote" directory of trash-dir,
|
|
# like "ext::fake-remote %S repo.git"
|
|
setup_ext_wrapper () {
|
|
test_expect_success 'setup ext wrapper' '
|
|
write_script fake-remote <<-\EOF &&
|
|
echo >&2 "fake-remote: $*"
|
|
cd "$TRASH_DIRECTORY/remote" &&
|
|
eval "$*"
|
|
EOF
|
|
PATH=$TRASH_DIRECTORY:$PATH &&
|
|
export TRASH_DIRECTORY
|
|
'
|
|
}
|