]>
Commit | Line | Data |
---|---|---|
a5adaced JK |
1 | # Test routines for checking protocol disabling. |
2 | ||
f1762d77 BW |
3 | # Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist |
4 | test_whitelist () { | |
a5adaced JK |
5 | desc=$1 |
6 | proto=$2 | |
7 | url=$3 | |
8 | ||
85e42053 | 9 | test_expect_success "clone $desc (enabled)" ' |
a5adaced JK |
10 | rm -rf tmp.git && |
11 | ( | |
12 | GIT_ALLOW_PROTOCOL=$proto && | |
13 | export GIT_ALLOW_PROTOCOL && | |
14 | git clone --bare "$url" tmp.git | |
15 | ) | |
16 | ' | |
17 | ||
85e42053 | 18 | test_expect_success "fetch $desc (enabled)" ' |
a5adaced JK |
19 | ( |
20 | cd tmp.git && | |
21 | GIT_ALLOW_PROTOCOL=$proto && | |
22 | export GIT_ALLOW_PROTOCOL && | |
23 | git fetch | |
24 | ) | |
25 | ' | |
26 | ||
85e42053 | 27 | test_expect_success "push $desc (enabled)" ' |
a5adaced JK |
28 | ( |
29 | cd tmp.git && | |
30 | GIT_ALLOW_PROTOCOL=$proto && | |
31 | export GIT_ALLOW_PROTOCOL && | |
32 | git push origin HEAD:pushed | |
33 | ) | |
34 | ' | |
35 | ||
85e42053 | 36 | test_expect_success "push $desc (disabled)" ' |
a5adaced JK |
37 | ( |
38 | cd tmp.git && | |
39 | GIT_ALLOW_PROTOCOL=none && | |
40 | export GIT_ALLOW_PROTOCOL && | |
41 | test_must_fail git push origin HEAD:pushed | |
42 | ) | |
43 | ' | |
44 | ||
85e42053 | 45 | test_expect_success "fetch $desc (disabled)" ' |
a5adaced JK |
46 | ( |
47 | cd tmp.git && | |
48 | GIT_ALLOW_PROTOCOL=none && | |
49 | export GIT_ALLOW_PROTOCOL && | |
50 | test_must_fail git fetch | |
51 | ) | |
52 | ' | |
53 | ||
85e42053 | 54 | test_expect_success "clone $desc (disabled)" ' |
a5adaced JK |
55 | rm -rf tmp.git && |
56 | ( | |
57 | GIT_ALLOW_PROTOCOL=none && | |
58 | export GIT_ALLOW_PROTOCOL && | |
59 | test_must_fail git clone --bare "$url" tmp.git | |
60 | ) | |
61 | ' | |
f1762d77 BW |
62 | |
63 | test_expect_success "clone $desc (env var has precedence)" ' | |
64 | rm -rf tmp.git && | |
65 | ( | |
66 | GIT_ALLOW_PROTOCOL=none && | |
67 | export GIT_ALLOW_PROTOCOL && | |
68 | test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git && | |
69 | test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git | |
70 | ) | |
71 | ' | |
72 | } | |
73 | ||
74 | test_config () { | |
75 | desc=$1 | |
76 | proto=$2 | |
77 | url=$3 | |
78 | ||
79 | # Test clone/fetch/push with protocol.<type>.allow config | |
80 | test_expect_success "clone $desc (enabled with config)" ' | |
81 | rm -rf tmp.git && | |
82 | git -c protocol.$proto.allow=always clone --bare "$url" tmp.git | |
83 | ' | |
84 | ||
85 | test_expect_success "fetch $desc (enabled)" ' | |
86 | git -C tmp.git -c protocol.$proto.allow=always fetch | |
87 | ' | |
88 | ||
89 | test_expect_success "push $desc (enabled)" ' | |
90 | git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed | |
91 | ' | |
92 | ||
93 | test_expect_success "push $desc (disabled)" ' | |
94 | test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed | |
95 | ' | |
96 | ||
97 | test_expect_success "fetch $desc (disabled)" ' | |
98 | test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch | |
99 | ' | |
100 | ||
101 | test_expect_success "clone $desc (disabled)" ' | |
102 | rm -rf tmp.git && | |
103 | test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git | |
104 | ' | |
105 | ||
106 | # Test clone/fetch/push with protocol.user.allow and its env var | |
107 | test_expect_success "clone $desc (enabled)" ' | |
108 | rm -rf tmp.git && | |
109 | git -c protocol.$proto.allow=user clone --bare "$url" tmp.git | |
110 | ' | |
111 | ||
112 | test_expect_success "fetch $desc (enabled)" ' | |
113 | git -C tmp.git -c protocol.$proto.allow=user fetch | |
114 | ' | |
115 | ||
116 | test_expect_success "push $desc (enabled)" ' | |
117 | git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed | |
118 | ' | |
119 | ||
120 | test_expect_success "push $desc (disabled)" ' | |
121 | ( | |
122 | cd tmp.git && | |
123 | GIT_PROTOCOL_FROM_USER=0 && | |
124 | export GIT_PROTOCOL_FROM_USER && | |
125 | test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed | |
126 | ) | |
127 | ' | |
128 | ||
129 | test_expect_success "fetch $desc (disabled)" ' | |
130 | ( | |
131 | cd tmp.git && | |
132 | GIT_PROTOCOL_FROM_USER=0 && | |
133 | export GIT_PROTOCOL_FROM_USER && | |
134 | test_must_fail git -c protocol.$proto.allow=user fetch | |
135 | ) | |
136 | ' | |
137 | ||
138 | test_expect_success "clone $desc (disabled)" ' | |
139 | rm -rf tmp.git && | |
140 | ( | |
141 | GIT_PROTOCOL_FROM_USER=0 && | |
142 | export GIT_PROTOCOL_FROM_USER && | |
143 | test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git | |
144 | ) | |
145 | ' | |
146 | ||
147 | # Test clone/fetch/push with protocol.allow user defined default | |
148 | test_expect_success "clone $desc (enabled)" ' | |
149 | rm -rf tmp.git && | |
30c586ff | 150 | test_config_global protocol.allow always && |
f1762d77 BW |
151 | git clone --bare "$url" tmp.git |
152 | ' | |
153 | ||
154 | test_expect_success "fetch $desc (enabled)" ' | |
30c586ff | 155 | test_config_global protocol.allow always && |
f1762d77 BW |
156 | git -C tmp.git fetch |
157 | ' | |
158 | ||
159 | test_expect_success "push $desc (enabled)" ' | |
30c586ff | 160 | test_config_global protocol.allow always && |
f1762d77 BW |
161 | git -C tmp.git push origin HEAD:pushed |
162 | ' | |
163 | ||
164 | test_expect_success "push $desc (disabled)" ' | |
30c586ff | 165 | test_config_global protocol.allow never && |
f1762d77 BW |
166 | test_must_fail git -C tmp.git push origin HEAD:pushed |
167 | ' | |
168 | ||
169 | test_expect_success "fetch $desc (disabled)" ' | |
30c586ff | 170 | test_config_global protocol.allow never && |
f1762d77 BW |
171 | test_must_fail git -C tmp.git fetch |
172 | ' | |
173 | ||
174 | test_expect_success "clone $desc (disabled)" ' | |
175 | rm -rf tmp.git && | |
30c586ff | 176 | test_config_global protocol.allow never && |
f1762d77 BW |
177 | test_must_fail git clone --bare "$url" tmp.git |
178 | ' | |
179 | } | |
180 | ||
181 | # test cloning a particular protocol | |
182 | # $1 - description of the protocol | |
183 | # $2 - machine-readable name of the protocol | |
184 | # $3 - the URL to try cloning | |
185 | test_proto () { | |
186 | test_whitelist "$@" | |
187 | ||
188 | test_config "$@" | |
a5adaced JK |
189 | } |
190 | ||
191 | # set up an ssh wrapper that will access $host/$repo in the | |
192 | # trash directory, and enable it for subsequent tests. | |
193 | setup_ssh_wrapper () { | |
194 | test_expect_success 'setup ssh wrapper' ' | |
195 | write_script ssh-wrapper <<-\EOF && | |
196 | echo >&2 "ssh: $*" | |
197 | host=$1; shift | |
198 | cd "$TRASH_DIRECTORY/$host" && | |
199 | eval "$*" | |
200 | EOF | |
201 | GIT_SSH="$PWD/ssh-wrapper" && | |
202 | export GIT_SSH && | |
203 | export TRASH_DIRECTORY | |
204 | ' | |
205 | } | |
206 | ||
207 | # set up a wrapper that can be used with remote-ext to | |
208 | # access repositories in the "remote" directory of trash-dir, | |
209 | # like "ext::fake-remote %S repo.git" | |
210 | setup_ext_wrapper () { | |
211 | test_expect_success 'setup ext wrapper' ' | |
212 | write_script fake-remote <<-\EOF && | |
213 | echo >&2 "fake-remote: $*" | |
214 | cd "$TRASH_DIRECTORY/remote" && | |
215 | eval "$*" | |
216 | EOF | |
217 | PATH=$TRASH_DIRECTORY:$PATH && | |
218 | export TRASH_DIRECTORY | |
219 | ' | |
220 | } |