t/t0033-safe-directory.sh at reftables-rust

freshlybakedca.ke / git
fork atom
Git fork
fork atom
git / t / t0033-safe-directory.sh
at reftables-rust 299 lines 8.1 kB view raw
wrap content
Patrick Steinhardt t: remove TEST_PASSES_SANITIZE_LEAK annotations 1y ago
fc1ddf42
  1#!/bin/sh
  2
  3test_description='verify safe.directory checks'
  4
  5. ./test-lib.sh
  6
  7GIT_TEST_ASSUME_DIFFERENT_OWNER=1
  8export GIT_TEST_ASSUME_DIFFERENT_OWNER
  9
 10expect_rejected_dir () {
 11	test_must_fail git status 2>err &&
 12	grep "dubious ownership" err
 13}
 14
 15test_expect_success 'safe.directory is not set' '
 16	expect_rejected_dir
 17'
 18
 19test_expect_success 'safe.directory on the command line' '
 20	git -c safe.directory="$(pwd)" status
 21'
 22
 23test_expect_success 'safe.directory in the environment' '
 24	env GIT_CONFIG_COUNT=1 \
 25	    GIT_CONFIG_KEY_0="safe.directory" \
 26	    GIT_CONFIG_VALUE_0="$(pwd)" \
 27	    git status
 28'
 29
 30test_expect_success 'safe.directory in GIT_CONFIG_PARAMETERS' '
 31	env GIT_CONFIG_PARAMETERS="${SQ}safe.directory${SQ}=${SQ}$(pwd)${SQ}" \
 32	    git status
 33'
 34
 35test_expect_success 'ignoring safe.directory in repo config' '
 36	(
 37		unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
 38		git config safe.directory "$(pwd)"
 39	) &&
 40	expect_rejected_dir
 41'
 42
 43test_expect_success 'safe.directory does not match' '
 44	git config --global safe.directory bogus &&
 45	expect_rejected_dir
 46'
 47
 48test_expect_success 'path exist as different key' '
 49	git config --global foo.bar "$(pwd)" &&
 50	expect_rejected_dir
 51'
 52
 53test_expect_success 'safe.directory matches' '
 54	git config --global --add safe.directory "$(pwd)" &&
 55	git status
 56'
 57
 58test_expect_success 'safe.directory matches, but is reset' '
 59	git config --global --add safe.directory "" &&
 60	expect_rejected_dir
 61'
 62
 63test_expect_success 'safe.directory=*' '
 64	git config --global --add safe.directory "*" &&
 65	git status
 66'
 67
 68test_expect_success 'safe.directory=*, but is reset' '
 69	git config --global --add safe.directory "" &&
 70	expect_rejected_dir
 71'
 72
 73test_expect_success 'safe.directory with matching glob' '
 74	git config --global --unset-all safe.directory &&
 75	p=$(pwd) &&
 76	git config --global safe.directory "${p%/*}/*" &&
 77	git status
 78'
 79
 80test_expect_success 'safe.directory with unmatching glob' '
 81	git config --global --unset-all safe.directory &&
 82	p=$(pwd) &&
 83	git config --global safe.directory "${p%/*}no/*" &&
 84	expect_rejected_dir
 85'
 86
 87test_expect_success 'safe.directory in included file' '
 88	git config --global --unset-all safe.directory &&
 89	cat >gitconfig-include <<-EOF &&
 90	[safe]
 91		directory = "$(pwd)"
 92	EOF
 93	git config --global --add include.path "$(pwd)/gitconfig-include" &&
 94	git status
 95'
 96
 97test_expect_success 'local clone of unowned repo refused in unsafe directory' '
 98	test_when_finished "rm -rf source" &&
 99	git init source &&
100	(
101		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
102		test_commit -C source initial
103	) &&
104	test_must_fail git clone --local source target &&
105	test_path_is_missing target
106'
107
108test_expect_success 'local clone of unowned repo accepted in safe directory' '
109	test_when_finished "rm -rf source" &&
110	git init source &&
111	(
112		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
113		test_commit -C source initial
114	) &&
115	test_must_fail git clone --local source target &&
116	git config --global --add safe.directory "$(pwd)/source/.git" &&
117	git clone --local source target &&
118	test_path_is_dir target
119'
120
121test_expect_success SYMLINKS 'checked paths are normalized' '
122	test_when_finished "rm -rf repository; rm -f repo" &&
123	(
124		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
125		git config --global --unset-all safe.directory
126	) &&
127	git init repository &&
128	ln -s repository repo &&
129	(
130		cd repository &&
131		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
132		test_commit sample
133	) &&
134
135	(
136		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
137		git config --global safe.directory "$(pwd)/repository"
138	) &&
139	git -C repository for-each-ref &&
140	git -C repository/ for-each-ref &&
141	git -C repo for-each-ref &&
142	git -C repo/ for-each-ref &&
143	test_must_fail git -C repository/.git for-each-ref &&
144	test_must_fail git -C repository/.git/ for-each-ref &&
145	test_must_fail git -C repo/.git for-each-ref &&
146	test_must_fail git -C repo/.git/ for-each-ref
147'
148
149test_expect_success SYMLINKS 'checked leading paths are normalized' '
150	test_when_finished "rm -rf repository; rm -f repo" &&
151	(
152		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
153		git config --global --unset-all safe.directory
154	) &&
155	mkdir -p repository &&
156	git init repository/s &&
157	ln -s repository repo &&
158	(
159		cd repository/s &&
160		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
161		test_commit sample
162	) &&
163
164	(
165		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
166		git config --global safe.directory "$(pwd)/repository/*"
167	) &&
168	git -C repository/s for-each-ref &&
169	git -C repository/s/ for-each-ref &&
170	git -C repo/s for-each-ref &&
171	git -C repo/s/ for-each-ref &&
172	git -C repository/s/.git for-each-ref &&
173	git -C repository/s/.git/ for-each-ref &&
174	git -C repo/s/.git for-each-ref &&
175	git -C repo/s/.git/ for-each-ref
176'
177
178test_expect_success SYMLINKS 'configured paths are normalized' '
179	test_when_finished "rm -rf repository; rm -f repo" &&
180	(
181		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
182		git config --global --unset-all safe.directory
183	) &&
184	git init repository &&
185	ln -s repository repo &&
186	(
187		cd repository &&
188		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
189		test_commit sample
190	) &&
191
192	(
193		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
194		git config --global safe.directory "$(pwd)/repo"
195	) &&
196	git -C repository for-each-ref &&
197	git -C repository/ for-each-ref &&
198	git -C repo for-each-ref &&
199	git -C repo/ for-each-ref &&
200	test_must_fail git -C repository/.git for-each-ref &&
201	test_must_fail git -C repository/.git/ for-each-ref &&
202	test_must_fail git -C repo/.git for-each-ref &&
203	test_must_fail git -C repo/.git/ for-each-ref
204'
205
206test_expect_success SYMLINKS 'configured leading paths are normalized' '
207	test_when_finished "rm -rf repository; rm -f repo" &&
208	(
209		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
210		git config --global --unset-all safe.directory
211	) &&
212	mkdir -p repository &&
213	git init repository/s &&
214	ln -s repository repo &&
215	(
216		cd repository/s &&
217		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
218		test_commit sample
219	) &&
220
221	(
222		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
223		git config --global safe.directory "$(pwd)/repo/*"
224	) &&
225	git -C repository/s for-each-ref &&
226	git -C repository/s/ for-each-ref &&
227	git -C repository/s/.git for-each-ref &&
228	git -C repository/s/.git/ for-each-ref &&
229	git -C repo/s for-each-ref &&
230	git -C repo/s/ for-each-ref &&
231	git -C repo/s/.git for-each-ref &&
232	git -C repo/s/.git/ for-each-ref
233'
234
235test_expect_success 'safe.directory set to a dot' '
236	test_when_finished "rm -rf repository" &&
237	(
238		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
239		git config --global --unset-all safe.directory
240	) &&
241	mkdir -p repository/subdir &&
242	git init repository &&
243	(
244		cd repository &&
245		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
246		test_commit sample
247	) &&
248
249	(
250		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
251		git config --global safe.directory "."
252	) &&
253	git -C repository for-each-ref &&
254	git -C repository/ for-each-ref &&
255	git -C repository/.git for-each-ref &&
256	git -C repository/.git/ for-each-ref &&
257
258	# What is allowed is repository/subdir but the repository
259	# path is repository.
260	test_must_fail git -C repository/subdir for-each-ref &&
261
262	# Likewise, repository .git/refs is allowed with "." but
263	# repository/.git that is accessed is not allowed.
264	test_must_fail git -C repository/.git/refs for-each-ref
265'
266
267test_expect_success 'safe.directory set to asterisk' '
268	test_when_finished "rm -rf repository" &&
269	(
270		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
271		git config --global --unset-all safe.directory
272	) &&
273	mkdir -p repository/subdir &&
274	git init repository &&
275	(
276		cd repository &&
277		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
278		test_commit sample
279	) &&
280
281	(
282		sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
283		git config --global safe.directory "*"
284	) &&
285	# these are trivial
286	git -C repository for-each-ref &&
287	git -C repository/ for-each-ref &&
288	git -C repository/.git for-each-ref &&
289	git -C repository/.git/ for-each-ref &&
290
291	# With "*", everything is allowed, and the repository is
292	# discovered, which is different behaviour from "." above.
293	git -C repository/subdir for-each-ref &&
294
295	# Likewise.
296	git -C repository/.git/refs for-each-ref
297'
298
299test_done