1# Test routines for checking protocol disabling.23# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist4test_whitelist () {5desc=$16proto=$27url=$389test_expect_success "clone $desc (enabled)" '10rm -rf tmp.git &&11(12GIT_ALLOW_PROTOCOL=$proto &&13export GIT_ALLOW_PROTOCOL &&14git clone --bare "$url" tmp.git15)16'1718test_expect_success "fetch $desc (enabled)" '19(20cd tmp.git &&21GIT_ALLOW_PROTOCOL=$proto &&22export GIT_ALLOW_PROTOCOL &&23git fetch24)25'2627test_expect_success "push $desc (enabled)" '28(29cd tmp.git &&30GIT_ALLOW_PROTOCOL=$proto &&31export GIT_ALLOW_PROTOCOL &&32git push origin HEAD:pushed33)34'3536test_expect_success "push $desc (disabled)" '37(38cd tmp.git &&39GIT_ALLOW_PROTOCOL=none &&40export GIT_ALLOW_PROTOCOL &&41test_must_fail git push origin HEAD:pushed42)43'4445test_expect_success "fetch $desc (disabled)" '46(47cd tmp.git &&48GIT_ALLOW_PROTOCOL=none &&49export GIT_ALLOW_PROTOCOL &&50test_must_fail git fetch51)52'5354test_expect_success "clone $desc (disabled)" '55rm -rf tmp.git &&56(57GIT_ALLOW_PROTOCOL=none &&58export GIT_ALLOW_PROTOCOL &&59test_must_fail git clone --bare "$url" tmp.git60)61'6263test_expect_success "clone $desc (env var has precedence)" '64rm -rf tmp.git &&65(66GIT_ALLOW_PROTOCOL=none &&67export GIT_ALLOW_PROTOCOL &&68test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&69test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git70)71'72}7374test_config () {75desc=$176proto=$277url=$37879# Test clone/fetch/push with protocol.<type>.allow config80test_expect_success "clone $desc (enabled with config)" '81rm -rf tmp.git &&82git -c protocol.$proto.allow=always clone --bare "$url" tmp.git83'8485test_expect_success "fetch $desc (enabled)" '86git -C tmp.git -c protocol.$proto.allow=always fetch87'8889test_expect_success "push $desc (enabled)" '90git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed91'9293test_expect_success "push $desc (disabled)" '94test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed95'9697test_expect_success "fetch $desc (disabled)" '98test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch99'100101test_expect_success "clone $desc (disabled)" '102rm -rf tmp.git &&103test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git104'105106# Test clone/fetch/push with protocol.user.allow and its env var107test_expect_success "clone $desc (enabled)" '108rm -rf tmp.git &&109git -c protocol.$proto.allow=user clone --bare "$url" tmp.git110'111112test_expect_success "fetch $desc (enabled)" '113git -C tmp.git -c protocol.$proto.allow=user fetch114'115116test_expect_success "push $desc (enabled)" '117git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed118'119120test_expect_success "push $desc (disabled)" '121(122cd tmp.git &&123GIT_PROTOCOL_FROM_USER=0 &&124export GIT_PROTOCOL_FROM_USER &&125test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed126)127'128129test_expect_success "fetch $desc (disabled)" '130(131cd tmp.git &&132GIT_PROTOCOL_FROM_USER=0 &&133export GIT_PROTOCOL_FROM_USER &&134test_must_fail git -c protocol.$proto.allow=user fetch135)136'137138test_expect_success "clone $desc (disabled)" '139rm -rf tmp.git &&140(141GIT_PROTOCOL_FROM_USER=0 &&142export GIT_PROTOCOL_FROM_USER &&143test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git144)145'146147# Test clone/fetch/push with protocol.allow user defined default148test_expect_success "clone $desc (enabled)" '149rm -rf tmp.git &&150test_config_global protocol.allow always &&151git clone --bare "$url" tmp.git152'153154test_expect_success "fetch $desc (enabled)" '155test_config_global protocol.allow always &&156git -C tmp.git fetch157'158159test_expect_success "push $desc (enabled)" '160test_config_global protocol.allow always &&161git -C tmp.git push origin HEAD:pushed162'163164test_expect_success "push $desc (disabled)" '165test_config_global protocol.allow never &&166test_must_fail git -C tmp.git push origin HEAD:pushed167'168169test_expect_success "fetch $desc (disabled)" '170test_config_global protocol.allow never &&171test_must_fail git -C tmp.git fetch172'173174test_expect_success "clone $desc (disabled)" '175rm -rf tmp.git &&176test_config_global protocol.allow never &&177test_must_fail git clone --bare "$url" tmp.git178'179}180181# test cloning a particular protocol182# $1 - description of the protocol183# $2 - machine-readable name of the protocol184# $3 - the URL to try cloning185test_proto () {186test_whitelist "$@"187188test_config "$@"189}190191# set up an ssh wrapper that will access $host/$repo in the192# trash directory, and enable it for subsequent tests.193setup_ssh_wrapper () {194test_expect_success 'setup ssh wrapper' '195write_script ssh-wrapper <<-\EOF &&196echo >&2 "ssh: $*"197host=$1; shift198cd "$TRASH_DIRECTORY/$host" &&199eval "$*"200EOF201GIT_SSH="$PWD/ssh-wrapper" &&202export GIT_SSH &&203export TRASH_DIRECTORY204'205}206207# set up a wrapper that can be used with remote-ext to208# access repositories in the "remote" directory of trash-dir,209# like "ext::fake-remote %S repo.git"210setup_ext_wrapper () {211test_expect_success 'setup ext wrapper' '212write_script fake-remote <<-\EOF &&213echo >&2 "fake-remote: $*"214cd "$TRASH_DIRECTORY/remote" &&215eval "$*"216EOF217PATH=$TRASH_DIRECTORY:$PATH &&218export TRASH_DIRECTORY219'220}