t / lib-proto-disable.shon commit Merge branches 'bp/reset-quiet' and 'js/mingw-http-ssl' into nd/config-split (89e4fcb)
   1# Test routines for checking protocol disabling.
   2
   3# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
   4test_whitelist () {
   5        desc=$1
   6        proto=$2
   7        url=$3
   8
   9        test_expect_success "clone $desc (enabled)" '
  10                rm -rf tmp.git &&
  11                (
  12                        GIT_ALLOW_PROTOCOL=$proto &&
  13                        export GIT_ALLOW_PROTOCOL &&
  14                        git clone --bare "$url" tmp.git
  15                )
  16        '
  17
  18        test_expect_success "fetch $desc (enabled)" '
  19                (
  20                        cd tmp.git &&
  21                        GIT_ALLOW_PROTOCOL=$proto &&
  22                        export GIT_ALLOW_PROTOCOL &&
  23                        git fetch
  24                )
  25        '
  26
  27        test_expect_success "push $desc (enabled)" '
  28                (
  29                        cd tmp.git &&
  30                        GIT_ALLOW_PROTOCOL=$proto &&
  31                        export GIT_ALLOW_PROTOCOL &&
  32                        git push origin HEAD:pushed
  33                )
  34        '
  35
  36        test_expect_success "push $desc (disabled)" '
  37                (
  38                        cd tmp.git &&
  39                        GIT_ALLOW_PROTOCOL=none &&
  40                        export GIT_ALLOW_PROTOCOL &&
  41                        test_must_fail git push origin HEAD:pushed
  42                )
  43        '
  44
  45        test_expect_success "fetch $desc (disabled)" '
  46                (
  47                        cd tmp.git &&
  48                        GIT_ALLOW_PROTOCOL=none &&
  49                        export GIT_ALLOW_PROTOCOL &&
  50                        test_must_fail git fetch
  51                )
  52        '
  53
  54        test_expect_success "clone $desc (disabled)" '
  55                rm -rf tmp.git &&
  56                (
  57                        GIT_ALLOW_PROTOCOL=none &&
  58                        export GIT_ALLOW_PROTOCOL &&
  59                        test_must_fail git clone --bare "$url" tmp.git
  60                )
  61        '
  62
  63        test_expect_success "clone $desc (env var has precedence)" '
  64                rm -rf tmp.git &&
  65                (
  66                        GIT_ALLOW_PROTOCOL=none &&
  67                        export GIT_ALLOW_PROTOCOL &&
  68                        test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&
  69                        test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
  70                )
  71        '
  72}
  73
  74test_config () {
  75        desc=$1
  76        proto=$2
  77        url=$3
  78
  79        # Test clone/fetch/push with protocol.<type>.allow config
  80        test_expect_success "clone $desc (enabled with config)" '
  81                rm -rf tmp.git &&
  82                git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
  83        '
  84
  85        test_expect_success "fetch $desc (enabled)" '
  86                git -C tmp.git -c protocol.$proto.allow=always fetch
  87        '
  88
  89        test_expect_success "push $desc (enabled)" '
  90                git -C tmp.git -c protocol.$proto.allow=always  push origin HEAD:pushed
  91        '
  92
  93        test_expect_success "push $desc (disabled)" '
  94                test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed
  95        '
  96
  97        test_expect_success "fetch $desc (disabled)" '
  98                test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch
  99        '
 100
 101        test_expect_success "clone $desc (disabled)" '
 102                rm -rf tmp.git &&
 103                test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git
 104        '
 105
 106        # Test clone/fetch/push with protocol.user.allow and its env var
 107        test_expect_success "clone $desc (enabled)" '
 108                rm -rf tmp.git &&
 109                git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
 110        '
 111
 112        test_expect_success "fetch $desc (enabled)" '
 113                git -C tmp.git -c protocol.$proto.allow=user fetch
 114        '
 115
 116        test_expect_success "push $desc (enabled)" '
 117                git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed
 118        '
 119
 120        test_expect_success "push $desc (disabled)" '
 121                (
 122                        cd tmp.git &&
 123                        GIT_PROTOCOL_FROM_USER=0 &&
 124                        export GIT_PROTOCOL_FROM_USER &&
 125                        test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed
 126                )
 127        '
 128
 129        test_expect_success "fetch $desc (disabled)" '
 130                (
 131                        cd tmp.git &&
 132                        GIT_PROTOCOL_FROM_USER=0 &&
 133                        export GIT_PROTOCOL_FROM_USER &&
 134                        test_must_fail git -c protocol.$proto.allow=user fetch
 135                )
 136        '
 137
 138        test_expect_success "clone $desc (disabled)" '
 139                rm -rf tmp.git &&
 140                (
 141                        GIT_PROTOCOL_FROM_USER=0 &&
 142                        export GIT_PROTOCOL_FROM_USER &&
 143                        test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
 144                )
 145        '
 146
 147        # Test clone/fetch/push with protocol.allow user defined default
 148        test_expect_success "clone $desc (enabled)" '
 149                rm -rf tmp.git &&
 150                test_config_global protocol.allow always &&
 151                git clone --bare "$url" tmp.git
 152        '
 153
 154        test_expect_success "fetch $desc (enabled)" '
 155                test_config_global protocol.allow always &&
 156                git -C tmp.git fetch
 157        '
 158
 159        test_expect_success "push $desc (enabled)" '
 160                test_config_global protocol.allow always &&
 161                git -C tmp.git push origin HEAD:pushed
 162        '
 163
 164        test_expect_success "push $desc (disabled)" '
 165                test_config_global protocol.allow never &&
 166                test_must_fail git -C tmp.git push origin HEAD:pushed
 167        '
 168
 169        test_expect_success "fetch $desc (disabled)" '
 170                test_config_global protocol.allow never &&
 171                test_must_fail git -C tmp.git fetch
 172        '
 173
 174        test_expect_success "clone $desc (disabled)" '
 175                rm -rf tmp.git &&
 176                test_config_global protocol.allow never &&
 177                test_must_fail git clone --bare "$url" tmp.git
 178        '
 179}
 180
 181# test cloning a particular protocol
 182#   $1 - description of the protocol
 183#   $2 - machine-readable name of the protocol
 184#   $3 - the URL to try cloning
 185test_proto () {
 186        test_whitelist "$@"
 187
 188        test_config "$@"
 189}
 190
 191# set up an ssh wrapper that will access $host/$repo in the
 192# trash directory, and enable it for subsequent tests.
 193setup_ssh_wrapper () {
 194        test_expect_success 'setup ssh wrapper' '
 195                write_script ssh-wrapper <<-\EOF &&
 196                echo >&2 "ssh: $*"
 197                host=$1; shift
 198                cd "$TRASH_DIRECTORY/$host" &&
 199                eval "$*"
 200                EOF
 201                GIT_SSH="$PWD/ssh-wrapper" &&
 202                export GIT_SSH &&
 203                export TRASH_DIRECTORY
 204        '
 205}
 206
 207# set up a wrapper that can be used with remote-ext to
 208# access repositories in the "remote" directory of trash-dir,
 209# like "ext::fake-remote %S repo.git"
 210setup_ext_wrapper () {
 211        test_expect_success 'setup ext wrapper' '
 212                write_script fake-remote <<-\EOF &&
 213                echo >&2 "fake-remote: $*"
 214                cd "$TRASH_DIRECTORY/remote" &&
 215                eval "$*"
 216                EOF
 217                PATH=$TRASH_DIRECTORY:$PATH &&
 218                export TRASH_DIRECTORY
 219        '
 220}