summaryrefslogtreecommitdiffstats
path: root/t/lib-proto-disable.sh
blob: 83babe57d959005315ed0780caced285b440e8bc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# Test routines for checking protocol disabling.

# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
test_whitelist () {
	desc=$1
	proto=$2
	url=$3

	test_expect_success "clone $desc (enabled)" '
		rm -rf tmp.git &&
		(
			GIT_ALLOW_PROTOCOL=$proto &&
			export GIT_ALLOW_PROTOCOL &&
			git clone --bare "$url" tmp.git
		)
	'

	test_expect_success "fetch $desc (enabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=$proto &&
			export GIT_ALLOW_PROTOCOL &&
			git fetch
		)
	'

	test_expect_success "push $desc (enabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=$proto &&
			export GIT_ALLOW_PROTOCOL &&
			git push origin HEAD:pushed
		)
	'

	test_expect_success "push $desc (disabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git push origin HEAD:pushed
		)
	'

	test_expect_success "fetch $desc (disabled)" '
		(
			cd tmp.git &&
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git fetch
		)
	'

	test_expect_success "clone $desc (disabled)" '
		rm -rf tmp.git &&
		(
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git clone --bare "$url" tmp.git
		)
	'

	test_expect_success "clone $desc (env var has precedence)" '
		rm -rf tmp.git &&
		(
			GIT_ALLOW_PROTOCOL=none &&
			export GIT_ALLOW_PROTOCOL &&
			test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&
			test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
		)
	'
}

test_config () {
	desc=$1
	proto=$2
	url=$3

	# Test clone/fetch/push with protocol.<type>.allow config
	test_expect_success "clone $desc (enabled with config)" '
		rm -rf tmp.git &&
		git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
	'

	test_expect_success "fetch $desc (enabled)" '
		git -C tmp.git -c protocol.$proto.allow=always fetch
	'

	test_expect_success "push $desc (enabled)" '
		git -C tmp.git -c protocol.$proto.allow=always  push origin HEAD:pushed
	'

	test_expect_success "push $desc (disabled)" '
		test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed
	'

	test_expect_success "fetch $desc (disabled)" '
		test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch
	'

	test_expect_success "clone $desc (disabled)" '
		rm -rf tmp.git &&
		test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git
	'

	# Test clone/fetch/push with protocol.user.allow and its env var
	test_expect_success "clone $desc (enabled)" '
		rm -rf tmp.git &&
		git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
	'

	test_expect_success "fetch $desc (enabled)" '
		git -C tmp.git -c protocol.$proto.allow=user fetch
	'

	test_expect_success "push $desc (enabled)" '
		git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed
	'

	test_expect_success "push $desc (disabled)" '
		(
			cd tmp.git &&
			GIT_PROTOCOL_FROM_USER=0 &&
			export GIT_PROTOCOL_FROM_USER &&
			test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed
		)
	'

	test_expect_success "fetch $desc (disabled)" '
		(
			cd tmp.git &&
			GIT_PROTOCOL_FROM_USER=0 &&
			export GIT_PROTOCOL_FROM_USER &&
			test_must_fail git -c protocol.$proto.allow=user fetch
		)
	'

	test_expect_success "clone $desc (disabled)" '
		rm -rf tmp.git &&
		(
			GIT_PROTOCOL_FROM_USER=0 &&
			export GIT_PROTOCOL_FROM_USER &&
			test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
		)
	'

	# Test clone/fetch/push with protocol.allow user defined default
	test_expect_success "clone $desc (enabled)" '
		rm -rf tmp.git &&
		test_config_global protocol.allow always &&
		git clone --bare "$url" tmp.git
	'

	test_expect_success "fetch $desc (enabled)" '
		test_config_global protocol.allow always &&
		git -C tmp.git fetch
	'

	test_expect_success "push $desc (enabled)" '
		test_config_global protocol.allow always &&
		git -C tmp.git push origin HEAD:pushed
	'

	test_expect_success "push $desc (disabled)" '
		test_config_global protocol.allow never &&
		test_must_fail git -C tmp.git push origin HEAD:pushed
	'

	test_expect_success "fetch $desc (disabled)" '
		test_config_global protocol.allow never &&
		test_must_fail git -C tmp.git fetch
	'

	test_expect_success "clone $desc (disabled)" '
		rm -rf tmp.git &&
		test_config_global protocol.allow never &&
		test_must_fail git clone --bare "$url" tmp.git
	'
}

# test cloning a particular protocol
#   $1 - description of the protocol
#   $2 - machine-readable name of the protocol
#   $3 - the URL to try cloning
test_proto () {
	test_whitelist "$@"

	test_config "$@"
}

# set up an ssh wrapper that will access $host/$repo in the
# trash directory, and enable it for subsequent tests.
setup_ssh_wrapper () {
	test_expect_success 'setup ssh wrapper' '
		write_script ssh-wrapper <<-\EOF &&
		echo >&2 "ssh: $*"
		host=$1; shift
		cd "$TRASH_DIRECTORY/$host" &&
		eval "$*"
		EOF
		GIT_SSH="$PWD/ssh-wrapper" &&
		export GIT_SSH &&
		export TRASH_DIRECTORY
	'
}

# set up a wrapper that can be used with remote-ext to
# access repositories in the "remote" directory of trash-dir,
# like "ext::fake-remote %S repo.git"
setup_ext_wrapper () {
	test_expect_success 'setup ext wrapper' '
		write_script fake-remote <<-\EOF &&
		echo >&2 "fake-remote: $*"
		cd "$TRASH_DIRECTORY/remote" &&
		eval "$*"
		EOF
		PATH=$TRASH_DIRECTORY:$PATH &&
		export TRASH_DIRECTORY
	'
}