1 # Test routines for checking protocol disabling.
3 # Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
9 test_expect_success "clone $desc (enabled)" '
12 GIT_ALLOW_PROTOCOL=$proto &&
13 export GIT_ALLOW_PROTOCOL &&
14 git clone --bare "$url" tmp.git
18 test_expect_success "fetch $desc (enabled)" '
21 GIT_ALLOW_PROTOCOL=$proto &&
22 export GIT_ALLOW_PROTOCOL &&
27 test_expect_success "push $desc (enabled)" '
30 GIT_ALLOW_PROTOCOL=$proto &&
31 export GIT_ALLOW_PROTOCOL &&
32 git push origin HEAD:pushed
36 test_expect_success "push $desc (disabled)" '
39 GIT_ALLOW_PROTOCOL=none &&
40 export GIT_ALLOW_PROTOCOL &&
41 test_must_fail git push origin HEAD:pushed
45 test_expect_success "fetch $desc (disabled)" '
48 GIT_ALLOW_PROTOCOL=none &&
49 export GIT_ALLOW_PROTOCOL &&
50 test_must_fail git fetch
54 test_expect_success "clone $desc (disabled)" '
57 GIT_ALLOW_PROTOCOL=none &&
58 export GIT_ALLOW_PROTOCOL &&
59 test_must_fail git clone --bare "$url" tmp.git
63 test_expect_success "clone $desc (env var has precedence)" '
66 GIT_ALLOW_PROTOCOL=none &&
67 export GIT_ALLOW_PROTOCOL &&
68 test_must_fail git -c protocol.allow=always clone --bare "$url" tmp.git &&
69 test_must_fail git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
79 # Test clone/fetch/push with protocol.<type>.allow config
80 test_expect_success "clone $desc (enabled with config)" '
82 git -c protocol.$proto.allow=always clone --bare "$url" tmp.git
85 test_expect_success "fetch $desc (enabled)" '
86 git -C tmp.git -c protocol.$proto.allow=always fetch
89 test_expect_success "push $desc (enabled)" '
90 git -C tmp.git -c protocol.$proto.allow=always push origin HEAD:pushed
93 test_expect_success "push $desc (disabled)" '
94 test_must_fail git -C tmp.git -c protocol.$proto.allow=never push origin HEAD:pushed
97 test_expect_success "fetch $desc (disabled)" '
98 test_must_fail git -C tmp.git -c protocol.$proto.allow=never fetch
101 test_expect_success "clone $desc (disabled)" '
103 test_must_fail git -c protocol.$proto.allow=never clone --bare "$url" tmp.git
106 # Test clone/fetch/push with protocol.user.allow and its env var
107 test_expect_success "clone $desc (enabled)" '
109 git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
112 test_expect_success "fetch $desc (enabled)" '
113 git -C tmp.git -c protocol.$proto.allow=user fetch
116 test_expect_success "push $desc (enabled)" '
117 git -C tmp.git -c protocol.$proto.allow=user push origin HEAD:pushed
120 test_expect_success "push $desc (disabled)" '
123 GIT_PROTOCOL_FROM_USER=0 &&
124 export GIT_PROTOCOL_FROM_USER &&
125 test_must_fail git -c protocol.$proto.allow=user push origin HEAD:pushed
129 test_expect_success "fetch $desc (disabled)" '
132 GIT_PROTOCOL_FROM_USER=0 &&
133 export GIT_PROTOCOL_FROM_USER &&
134 test_must_fail git -c protocol.$proto.allow=user fetch
138 test_expect_success "clone $desc (disabled)" '
141 GIT_PROTOCOL_FROM_USER=0 &&
142 export GIT_PROTOCOL_FROM_USER &&
143 test_must_fail git -c protocol.$proto.allow=user clone --bare "$url" tmp.git
147 # Test clone/fetch/push with protocol.allow user defined default
148 test_expect_success "clone $desc (enabled)" '
150 test_config_global protocol.allow always &&
151 git clone --bare "$url" tmp.git
154 test_expect_success "fetch $desc (enabled)" '
155 test_config_global protocol.allow always &&
159 test_expect_success "push $desc (enabled)" '
160 test_config_global protocol.allow always &&
161 git -C tmp.git push origin HEAD:pushed
164 test_expect_success "push $desc (disabled)" '
165 test_config_global protocol.allow never &&
166 test_must_fail git -C tmp.git push origin HEAD:pushed
169 test_expect_success "fetch $desc (disabled)" '
170 test_config_global protocol.allow never &&
171 test_must_fail git -C tmp.git fetch
174 test_expect_success "clone $desc (disabled)" '
176 test_config_global protocol.allow never &&
177 test_must_fail git clone --bare "$url" tmp.git
181 # test cloning a particular protocol
182 # $1 - description of the protocol
183 # $2 - machine-readable name of the protocol
184 # $3 - the URL to try cloning
191 # set up an ssh wrapper that will access $host/$repo in the
192 # trash directory, and enable it for subsequent tests.
193 setup_ssh_wrapper () {
194 test_expect_success 'setup ssh wrapper' '
195 write_script ssh-wrapper <<-\EOF &&
198 cd "$TRASH_DIRECTORY/$host" &&
201 GIT_SSH="$PWD/ssh-wrapper" &&
203 export TRASH_DIRECTORY
207 # set up a wrapper that can be used with remote-ext to
208 # access repositories in the "remote" directory of trash-dir,
209 # like "ext::fake-remote %S repo.git"
210 setup_ext_wrapper () {
211 test_expect_success 'setup ext wrapper' '
212 write_script fake-remote <<-\EOF &&
213 echo >&2 "fake-remote: $*"
214 cd "$TRASH_DIRECTORY/remote" &&
217 PATH=$TRASH_DIRECTORY:$PATH &&
218 export TRASH_DIRECTORY