# Test routines for checking protocol disabling. # Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist test_whitelist () { desc=$1 proto=$2 url=$3 test_expect_success "clone $desc (enabled)" ' rm -rf tmp.git && ( GIT_ALLOW_PROTOCOL=$proto && export GIT_ALLOW_PROTOCOL && git clone --bare "$url" tmp.git ) ' test_expect_success "fetch $desc (enabled)" ' ( cd tmp.git && GIT_ALLOW_PROTOCOL=$proto && export GIT_ALLOW_PROTOCOL && git fetch ) ' test_expect_success "push $desc (enabled)" ' ( cd tmp.git && GIT_ALLOW_PROTOCOL=$proto && export GIT_ALLOW_PROTOCOL && git push origin HEAD:pushed ) ' test_expect_success "push $desc (disabled)" ' ( cd tmp.git && GIT_ALLOW_PROTOCOL=none && export GIT_ALLOW_PROTOCOL && test_must_fail git push origin HEAD:pushed ) ' test_expect_success "fetch $desc (disabled)" ' ( cd tmp.git && GIT_ALLOW_PROTOCOL=none && export GIT_ALLOW_PROTOCOL && test_must_fail git fetch ) ' test_expect_success "clone $desc (disabled)" ' rm -rf tmp.git && ( GIT_ALLOW_PROTOCOL=none && export GIT_ALLOW_PROTOCOL && test_must_fail git clone --bare "$url" tmp.git ) ' test_expect_success "clone $desc (env var has precedence)" ' rm -rf tmp.git && ( GIT_ALLOW_PROTOCOL=none && export GIT_ALLOW_PROTOCOL && test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git && test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git ) ' } test_config () { desc=$1 proto=$2 url=$3 # Test clone/fetch/push with protocol..allow config test_expect_success "clone $desc (enabled with config)" ' rm -rf tmp.git && git -c protocol.$proto.allow=always clone --bare "$url" tmp.git ' test_expect_success "fetch $desc (enabled)" ' git -C tmp.git -c protocol.$proto.allow=always fetch ' test_expect_success "push $desc (enabled)" ' git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed ' test_expect_success "push $desc (disabled)" ' test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed ' test_expect_success "fetch $desc (disabled)" ' test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch ' test_expect_success "clone $desc (disabled)" ' rm -rf tmp.git && test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git ' # Test clone/fetch/push with protocol.user.allow and its env var test_expect_success "clone $desc (enabled)" ' rm -rf tmp.git && git -c protocol.$proto.allow=user clone --bare "$url" tmp.git ' test_expect_success "fetch $desc (enabled)" ' git -C tmp.git -c protocol.$proto.allow=user fetch ' test_expect_success "push $desc (enabled)" ' git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed ' test_expect_success "push $desc (disabled)" ' ( cd tmp.git && GIT_PROTOCOL_FROM_USER=0 && export GIT_PROTOCOL_FROM_USER && test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed ) ' test_expect_success "fetch $desc (disabled)" ' ( cd tmp.git && GIT_PROTOCOL_FROM_USER=0 && export GIT_PROTOCOL_FROM_USER && test_must_fail git -c protocol.$proto.allow=user fetch ) ' test_expect_success "clone $desc (disabled)" ' rm -rf tmp.git && ( GIT_PROTOCOL_FROM_USER=0 && export GIT_PROTOCOL_FROM_USER && test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git ) ' # Test clone/fetch/push with protocol.allow user defined default test_expect_success "clone $desc (enabled)" ' rm -rf tmp.git && test_config_global protocol.allow always && git clone --bare "$url" tmp.git ' test_expect_success "fetch $desc (enabled)" ' test_config_global protocol.allow always && git -C tmp.git fetch ' test_expect_success "push $desc (enabled)" ' test_config_global protocol.allow always && git -C tmp.git push origin HEAD:pushed ' test_expect_success "push $desc (disabled)" ' test_config_global protocol.allow never && test_must_fail git -C tmp.git push origin HEAD:pushed ' test_expect_success "fetch $desc (disabled)" ' test_config_global protocol.allow never && test_must_fail git -C tmp.git fetch ' test_expect_success "clone $desc (disabled)" ' rm -rf tmp.git && test_config_global protocol.allow never && test_must_fail git clone --bare "$url" tmp.git ' } # test cloning a particular protocol # $1 - description of the protocol # $2 - machine-readable name of the protocol # $3 - the URL to try cloning test_proto () { test_whitelist "$@" test_config "$@" } # set up an ssh wrapper that will access $host/$repo in the # trash directory, and enable it for subsequent tests. setup_ssh_wrapper () { test_expect_success 'setup ssh wrapper' ' write_script ssh-wrapper <<-\EOF && echo >&2 "ssh: $*" host=$1; shift cd "$TRASH_DIRECTORY/$host" && eval "$*" EOF GIT_SSH="$PWD/ssh-wrapper" && export GIT_SSH && export TRASH_DIRECTORY ' } # set up a wrapper that can be used with remote-ext to # access repositories in the "remote" directory of trash-dir, # like "ext::fake-remote %S repo.git" setup_ext_wrapper () { test_expect_success 'setup ext wrapper' ' write_script fake-remote <<-\EOF && echo >&2 "fake-remote: $*" cd "$TRASH_DIRECTORY/remote" && eval "$*" EOF PATH=$TRASH_DIRECTORY:$PATH && export TRASH_DIRECTORY ' }