t / lib-proto-disable.shon commit Merge branch 'mm/gc-safety-doc' (979b82f)
   1# Test routines for checking protocol disabling.
   2
   3# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
   4test_whitelist () {
   5        desc=$1
   6        proto=$2
   7        url=$3
   8
   9        test_expect_success "clone $desc (enabled)" '
  10                rm -rf tmp.git &&
  11                (
  12                        GIT_ALLOW_PROTOCOL=$proto &&
  13                        export GIT_ALLOW_PROTOCOL &&
  14                        git clone --bare "$url" tmp.git
  15                )
  16        '
  17
  18        test_expect_success "fetch $desc (enabled)" '
  19                (
  20                        cd tmp.git &&
  21                        GIT_ALLOW_PROTOCOL=$proto &&
  22                        export GIT_ALLOW_PROTOCOL &&
  23                        git fetch
  24                )
  25        '
  26
  27        test_expect_success "push $desc (enabled)" '
  28                (
  29                        cd tmp.git &&
  30                        GIT_ALLOW_PROTOCOL=$proto &&
  31                        export GIT_ALLOW_PROTOCOL &&
  32                        git push origin HEAD:pushed
  33                )
  34        '
  35
  36        test_expect_success "push $desc (disabled)" '
  37                (
  38                        cd tmp.git &&
  39                        GIT_ALLOW_PROTOCOL=none &&
  40                        export GIT_ALLOW_PROTOCOL &&
  41                        test_must_fail git push origin HEAD:pushed
  42                )
  43        '
  44
  45        test_expect_success "fetch $desc (disabled)" '
  46                (
  47                        cd tmp.git &&
  48                        GIT_ALLOW_PROTOCOL=none &&
  49                        export GIT_ALLOW_PROTOCOL &&
  50                        test_must_fail git fetch
  51                )
  52        '
  53
  54        test_expect_success "clone $desc (disabled)" '
  55                rm -rf tmp.git &&
  56                (
  57                        GIT_ALLOW_PROTOCOL=none &&
  58                        export GIT_ALLOW_PROTOCOL &&
  59                        test_must_fail git clone --bare "$url" tmp.git
  60                )
  61        '
  62
  63        test_expect_success "clone $desc (env var has precedence)" '
  64                rm -rf tmp.git &&
  65                (
  66                        GIT_ALLOW_PROTOCOL=none &&
  67                        export GIT_ALLOW_PROTOCOL &&
  68                        test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&
  69                        test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
  70                )
  71        '
  72}
  73
  74test_config () {
  75        desc=$1
  76        proto=$2
  77        url=$3
  78
  79        # Test clone/fetch/push with protocol.<type>.allow config
  80        test_expect_success "clone $desc (enabled with config)" '
  81                rm -rf tmp.git &&
  82                git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
  83        '
  84
  85        test_expect_success "fetch $desc (enabled)" '
  86                git -C tmp.git -c protocol.$proto.allow=always fetch
  87        '
  88
  89        test_expect_success "push $desc (enabled)" '
  90                git -C tmp.git -c protocol.$proto.allow=always  push origin HEAD:pushed
  91        '
  92
  93        test_expect_success "push $desc (disabled)" '
  94                test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed
  95        '
  96
  97        test_expect_success "fetch $desc (disabled)" '
  98                test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch
  99        '
 100
 101        test_expect_success "clone $desc (disabled)" '
 102                rm -rf tmp.git &&
 103                test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git
 104        '
 105
 106        # Test clone/fetch/push with protocol.user.allow and its env var
 107        test_expect_success "clone $desc (enabled)" '
 108                rm -rf tmp.git &&
 109                git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
 110        '
 111
 112        test_expect_success "fetch $desc (enabled)" '
 113                git -C tmp.git -c protocol.$proto.allow=user fetch
 114        '
 115
 116        test_expect_success "push $desc (enabled)" '
 117                git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed
 118        '
 119
 120        test_expect_success "push $desc (disabled)" '
 121                (
 122                        cd tmp.git &&
 123                        GIT_PROTOCOL_FROM_USER=0 &&
 124                        export GIT_PROTOCOL_FROM_USER &&
 125                        test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed
 126                )
 127        '
 128
 129        test_expect_success "fetch $desc (disabled)" '
 130                (
 131                        cd tmp.git &&
 132                        GIT_PROTOCOL_FROM_USER=0 &&
 133                        export GIT_PROTOCOL_FROM_USER &&
 134                        test_must_fail git -c protocol.$proto.allow=user fetch
 135                )
 136        '
 137
 138        test_expect_success "clone $desc (disabled)" '
 139                rm -rf tmp.git &&
 140                (
 141                        GIT_PROTOCOL_FROM_USER=0 &&
 142                        export GIT_PROTOCOL_FROM_USER &&
 143                        test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
 144                )
 145        '
 146
 147        # Test clone/fetch/push with protocol.allow user defined default
 148        test_expect_success "clone $desc (enabled)" '
 149                rm -rf tmp.git &&
 150                git config --global protocol.allow always &&
 151                git clone --bare "$url" tmp.git
 152        '
 153
 154        test_expect_success "fetch $desc (enabled)" '
 155                git -C tmp.git fetch
 156        '
 157
 158        test_expect_success "push $desc (enabled)" '
 159                git -C tmp.git push origin HEAD:pushed
 160        '
 161
 162        test_expect_success "push $desc (disabled)" '
 163                git config --global protocol.allow never &&
 164                test_must_fail git -C tmp.git push origin HEAD:pushed
 165        '
 166
 167        test_expect_success "fetch $desc (disabled)" '
 168                test_must_fail git -C tmp.git fetch
 169        '
 170
 171        test_expect_success "clone $desc (disabled)" '
 172                rm -rf tmp.git &&
 173                test_must_fail git clone --bare "$url" tmp.git
 174        '
 175}
 176
 177# test cloning a particular protocol
 178#   $1 - description of the protocol
 179#   $2 - machine-readable name of the protocol
 180#   $3 - the URL to try cloning
 181test_proto () {
 182        test_whitelist "$@"
 183
 184        test_config "$@"
 185}
 186
 187# set up an ssh wrapper that will access $host/$repo in the
 188# trash directory, and enable it for subsequent tests.
 189setup_ssh_wrapper () {
 190        test_expect_success 'setup ssh wrapper' '
 191                write_script ssh-wrapper <<-\EOF &&
 192                echo >&2 "ssh: $*"
 193                host=$1; shift
 194                cd "$TRASH_DIRECTORY/$host" &&
 195                eval "$*"
 196                EOF
 197                GIT_SSH="$PWD/ssh-wrapper" &&
 198                export GIT_SSH &&
 199                export TRASH_DIRECTORY
 200        '
 201}
 202
 203# set up a wrapper that can be used with remote-ext to
 204# access repositories in the "remote" directory of trash-dir,
 205# like "ext::fake-remote %S repo.git"
 206setup_ext_wrapper () {
 207        test_expect_success 'setup ext wrapper' '
 208                write_script fake-remote <<-\EOF &&
 209                echo >&2 "fake-remote: $*"
 210                cd "$TRASH_DIRECTORY/remote" &&
 211                eval "$*"
 212                EOF
 213                PATH=$TRASH_DIRECTORY:$PATH &&
 214                export TRASH_DIRECTORY
 215        '
 216}