t3210: add some tests of bogus packed-refs file contents
[gitweb.git] / t / t5550-http-fetch-dumb.sh
index 264a1ab8b0ea794ce398d9d5c3a40adb31bd0ff9..87308cdced9af11365d5eb0644b9ac86fac21177 100755 (executable)
@@ -34,6 +34,15 @@ test_expect_success 'clone http repository' '
        test_cmp file clone/file
 '
 
+test_expect_success 'list refs from outside any repository' '
+       cat >expect <<-EOF &&
+       $(git rev-parse master) HEAD
+       $(git rev-parse master) refs/heads/master
+       EOF
+       nongit git ls-remote "$HTTPD_URL/dumb/repo.git" >actual &&
+       test_cmp expect actual
+'
+
 test_expect_success 'create password-protected repository' '
        mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/" &&
        cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
@@ -368,5 +377,24 @@ test_expect_success 'http-alternates cannot point at funny protocols' '
                clone "$HTTPD_URL/dumb/evil.git" evil-file
 '
 
+test_expect_success 'http-alternates triggers not-from-user protocol check' '
+       echo "$HTTPD_URL/dumb/victim.git/objects" \
+               >"$evil/objects/info/http-alternates" &&
+       test_config_global http.followRedirects true &&
+       test_must_fail git -c protocol.http.allow=user \
+               clone $HTTPD_URL/dumb/evil.git evil-user &&
+       git -c protocol.http.allow=always \
+               clone $HTTPD_URL/dumb/evil.git evil-user
+'
+
+test_expect_success 'can redirect through non-"info/refs?service=git-upload-pack" URL' '
+       git clone "$HTTPD_URL/redir-to/dumb/repo.git"
+'
+
+test_expect_success 'print HTTP error when any intermediate redirect throws error' '
+       test_must_fail git clone "$HTTPD_URL/redir-to/502" 2> stderr &&
+       test_i18ngrep "unable to access.*/redir-to/502" stderr
+'
+
 stop_httpd
 test_done