From: Junio C Hamano <gitster@pobox.com>
Date: Wed, 22 Apr 2020 20:43:01 +0000 (-0700)
Subject: Merge branch 'jk/credential-parsing-end-of-host-in-URL'
X-Git-Tag: v2.27.0-rc0~102
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a397e9c236b0ff56eb15f32a2a41c852b1e5dd3b;p=thirdparty%2Fgit.git

Merge branch 'jk/credential-parsing-end-of-host-in-URL'

Parsing of URL for the credential helper has been corrected.

* jk/credential-parsing-end-of-host-in-URL:
  credential: treat "?" and "#" in URLs as end of host
---

a397e9c236b0ff56eb15f32a2a41c852b1e5dd3b
diff --cc t/t0300-credentials.sh
index 5555a1524f,b6ec676989..48484cbcf6
--- a/t/t0300-credentials.sh
+++ b/t/t0300-credentials.sh
@@@ -527,52 -436,52 +527,86 @@@ test_expect_success 'empty helper spec 
  	EOF
  '
  
 -test_expect_success 'url parser ignores embedded newlines' '
 -	check fill <<-EOF
 +test_expect_success 'url parser rejects embedded newlines' '
 +	test_must_fail git credential fill 2>stderr <<-\EOF &&
  	url=https://one.example.com?%0ahost=two.example.com/
 +	EOF
 +	cat >expect <<-\EOF &&
- 	warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
++	warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/
 +	fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
 +	EOF
 +	test_i18ncmp expect stderr
 +'
 +
 +test_expect_success 'host-less URLs are parsed as empty host' '
 +	check fill "verbatim foo bar" <<-\EOF
 +	url=cert:///path/to/cert.pem
  	--
 -	username=askpass-username
 -	password=askpass-password
 +	protocol=cert
 +	host=
 +	path=path/to/cert.pem
 +	username=foo
 +	password=bar
  	--
 -	warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/
 -	warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
 -	askpass: Username:
 -	askpass: Password:
 +	verbatim: get
 +	verbatim: protocol=cert
 +	verbatim: host=
 +	verbatim: path=path/to/cert.pem
 +	EOF
 +'
 +
 +test_expect_success 'credential system refuses to work with missing host' '
 +	test_must_fail git credential fill 2>stderr <<-\EOF &&
 +	protocol=http
 +	EOF
 +	cat >expect <<-\EOF &&
 +	fatal: refusing to work with credential missing host field
 +	EOF
 +	test_i18ncmp expect stderr
 +'
 +
 +test_expect_success 'credential system refuses to work with missing protocol' '
 +	test_must_fail git credential fill 2>stderr <<-\EOF &&
 +	host=example.com
 +	EOF
 +	cat >expect <<-\EOF &&
 +	fatal: refusing to work with credential missing protocol field
  	EOF
 +	test_i18ncmp expect stderr
  '
  
+ # usage: check_host_and_path <url> <expected-host> <expected-path>
+ check_host_and_path () {
+ 	# we always parse the path component, but we need this to make sure it
+ 	# is passed to the helper
+ 	test_config credential.useHTTPPath true &&
+ 	check fill "verbatim user pass" <<-EOF
+ 	url=$1
+ 	--
+ 	protocol=https
+ 	host=$2
+ 	path=$3
+ 	username=user
+ 	password=pass
+ 	--
+ 	verbatim: get
+ 	verbatim: protocol=https
+ 	verbatim: host=$2
+ 	verbatim: path=$3
+ 	EOF
+ }
+ 
+ test_expect_success 'url parser handles bare query marker' '
+ 	check_host_and_path https://example.com?foo.git example.com ?foo.git
+ '
+ 
+ test_expect_success 'url parser handles bare fragment marker' '
+ 	check_host_and_path https://example.com#foo.git example.com "#foo.git"
+ '
+ 
+ test_expect_success 'url parser not confused by encoded markers' '
+ 	check_host_and_path https://example.com%23%3f%2f/foo.git \
+ 		"example.com#?/" foo.git
+ '
+ 
  test_done