1# Test routines for checking protocol disabling.23# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist4test_whitelist () {5desc=$16proto=$27url=$389test_expect_success "clone $desc (enabled)" '10rm -rf tmp.git &&11(12GIT_ALLOW_PROTOCOL=$proto &&13export GIT_ALLOW_PROTOCOL &&14git clone --bare "$url" tmp.git15)16'1718test_expect_success "fetch $desc (enabled)" '19(20cd tmp.git &&21GIT_ALLOW_PROTOCOL=$proto &&22export GIT_ALLOW_PROTOCOL &&23git fetch24)25'2627test_expect_success "push $desc (enabled)" '28(29cd tmp.git &&30GIT_ALLOW_PROTOCOL=$proto &&31export GIT_ALLOW_PROTOCOL &&32git push origin HEAD:pushed33)34'3536test_expect_success "push $desc (disabled)" '37(38cd tmp.git &&39GIT_ALLOW_PROTOCOL=none &&40export GIT_ALLOW_PROTOCOL &&41test_must_fail git push origin HEAD:pushed42)43'4445test_expect_success "fetch $desc (disabled)" '46(47cd tmp.git &&48GIT_ALLOW_PROTOCOL=none &&49export GIT_ALLOW_PROTOCOL &&50test_must_fail git fetch51)52'5354test_expect_success "clone $desc (disabled)" '55rm -rf tmp.git &&56(57GIT_ALLOW_PROTOCOL=none &&58export GIT_ALLOW_PROTOCOL &&59test_must_fail git clone --bare "$url" tmp.git60)61'6263test_expect_success "clone $desc (env var has precedence)" '64rm -rf tmp.git &&65(66GIT_ALLOW_PROTOCOL=none &&67export GIT_ALLOW_PROTOCOL &&68test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&69test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git70)71'72}7374test_config () {75desc=$176proto=$277url=$37879# Test clone/fetch/push with protocol.<type>.allow config80test_expect_success "clone $desc (enabled with config)" '81rm -rf tmp.git &&82git -c protocol.$proto.allow=always clone --bare "$url" tmp.git83'8485test_expect_success "fetch $desc (enabled)" '86git -C tmp.git -c protocol.$proto.allow=always fetch87'8889test_expect_success "push $desc (enabled)" '90git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed91'9293test_expect_success "push $desc (disabled)" '94test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed95'9697test_expect_success "fetch $desc (disabled)" '98test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch99'100101test_expect_success "clone $desc (disabled)" '102rm -rf tmp.git &&103test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git104'105106# Test clone/fetch/push with protocol.user.allow and its env var107test_expect_success "clone $desc (enabled)" '108rm -rf tmp.git &&109git -c protocol.$proto.allow=user clone --bare "$url" tmp.git110'111112test_expect_success "fetch $desc (enabled)" '113git -C tmp.git -c protocol.$proto.allow=user fetch114'115116test_expect_success "push $desc (enabled)" '117git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed118'119120test_expect_success "push $desc (disabled)" '121(122cd tmp.git &&123GIT_PROTOCOL_FROM_USER=0 &&124export GIT_PROTOCOL_FROM_USER &&125test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed126)127'128129test_expect_success "fetch $desc (disabled)" '130(131cd tmp.git &&132GIT_PROTOCOL_FROM_USER=0 &&133export GIT_PROTOCOL_FROM_USER &&134test_must_fail git -c protocol.$proto.allow=user fetch135)136'137138test_expect_success "clone $desc (disabled)" '139rm -rf tmp.git &&140(141GIT_PROTOCOL_FROM_USER=0 &&142export GIT_PROTOCOL_FROM_USER &&143test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git144)145'146147# Test clone/fetch/push with protocol.allow user defined default148test_expect_success "clone $desc (enabled)" '149rm -rf tmp.git &&150git config --global protocol.allow always &&151git clone --bare "$url" tmp.git152'153154test_expect_success "fetch $desc (enabled)" '155git -C tmp.git fetch156'157158test_expect_success "push $desc (enabled)" '159git -C tmp.git push origin HEAD:pushed160'161162test_expect_success "push $desc (disabled)" '163git config --global protocol.allow never &&164test_must_fail git -C tmp.git push origin HEAD:pushed165'166167test_expect_success "fetch $desc (disabled)" '168test_must_fail git -C tmp.git fetch169'170171test_expect_success "clone $desc (disabled)" '172rm -rf tmp.git &&173test_must_fail git clone --bare "$url" tmp.git174'175}176177# test cloning a particular protocol178# $1 - description of the protocol179# $2 - machine-readable name of the protocol180# $3 - the URL to try cloning181test_proto () {182test_whitelist "$@"183184test_config "$@"185}186187# set up an ssh wrapper that will access $host/$repo in the188# trash directory, and enable it for subsequent tests.189setup_ssh_wrapper () {190test_expect_success 'setup ssh wrapper' '191write_script ssh-wrapper <<-\EOF &&192echo >&2 "ssh: $*"193host=$1; shift194cd "$TRASH_DIRECTORY/$host" &&195eval "$*"196EOF197GIT_SSH="$PWD/ssh-wrapper" &&198export GIT_SSH &&199export TRASH_DIRECTORY200'201}202203# set up a wrapper that can be used with remote-ext to204# access repositories in the "remote" directory of trash-dir,205# like "ext::fake-remote %S repo.git"206setup_ext_wrapper () {207test_expect_success 'setup ext wrapper' '208write_script fake-remote <<-\EOF &&209echo >&2 "fake-remote: $*"210cd "$TRASH_DIRECTORY/remote" &&211eval "$*"212EOF213PATH=$TRASH_DIRECTORY:$PATH &&214export TRASH_DIRECTORY215'216}