| #!/bin/sh |
| |
| test_description='verify safe.directory checks' |
| |
| TEST_PASSES_SANITIZE_LEAK=true |
| . ./test-lib.sh |
| |
| GIT_TEST_ASSUME_DIFFERENT_OWNER=1 |
| export GIT_TEST_ASSUME_DIFFERENT_OWNER |
| |
| expect_rejected_dir () { |
| test_must_fail git status 2>err && |
| grep "dubious ownership" err |
| } |
| |
| test_expect_success 'safe.directory is not set' ' |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'safe.directory on the command line' ' |
| git -c safe.directory="$(pwd)" status |
| ' |
| |
| test_expect_success 'safe.directory in the environment' ' |
| env GIT_CONFIG_COUNT=1 \ |
| GIT_CONFIG_KEY_0="safe.directory" \ |
| GIT_CONFIG_VALUE_0="$(pwd)" \ |
| git status |
| ' |
| |
| test_expect_success 'safe.directory in GIT_CONFIG_PARAMETERS' ' |
| env GIT_CONFIG_PARAMETERS="${SQ}safe.directory${SQ}=${SQ}$(pwd)${SQ}" \ |
| git status |
| ' |
| |
| test_expect_success 'ignoring safe.directory in repo config' ' |
| ( |
| unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config safe.directory "$(pwd)" |
| ) && |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'safe.directory does not match' ' |
| git config --global safe.directory bogus && |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'path exist as different key' ' |
| git config --global foo.bar "$(pwd)" && |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'safe.directory matches' ' |
| git config --global --add safe.directory "$(pwd)" && |
| git status |
| ' |
| |
| test_expect_success 'safe.directory matches, but is reset' ' |
| git config --global --add safe.directory "" && |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'safe.directory=*' ' |
| git config --global --add safe.directory "*" && |
| git status |
| ' |
| |
| test_expect_success 'safe.directory=*, but is reset' ' |
| git config --global --add safe.directory "" && |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'safe.directory with matching glob' ' |
| git config --global --unset-all safe.directory && |
| p=$(pwd) && |
| git config --global safe.directory "${p%/*}/*" && |
| git status |
| ' |
| |
| test_expect_success 'safe.directory with unmatching glob' ' |
| git config --global --unset-all safe.directory && |
| p=$(pwd) && |
| git config --global safe.directory "${p%/*}no/*" && |
| expect_rejected_dir |
| ' |
| |
| test_expect_success 'safe.directory in included file' ' |
| git config --global --unset-all safe.directory && |
| cat >gitconfig-include <<-EOF && |
| [safe] |
| directory = "$(pwd)" |
| EOF |
| git config --global --add include.path "$(pwd)/gitconfig-include" && |
| git status |
| ' |
| |
| test_expect_success 'local clone of unowned repo refused in unsafe directory' ' |
| test_when_finished "rm -rf source" && |
| git init source && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit -C source initial |
| ) && |
| test_must_fail git clone --local source target && |
| test_path_is_missing target |
| ' |
| |
| test_expect_success 'local clone of unowned repo accepted in safe directory' ' |
| test_when_finished "rm -rf source" && |
| git init source && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit -C source initial |
| ) && |
| test_must_fail git clone --local source target && |
| git config --global --add safe.directory "$(pwd)/source/.git" && |
| git clone --local source target && |
| test_path_is_dir target |
| ' |
| |
| test_expect_success SYMLINKS 'checked paths are normalized' ' |
| test_when_finished "rm -rf repository; rm -f repo" && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global --unset-all safe.directory |
| ) && |
| git init repository && |
| ln -s repository repo && |
| ( |
| cd repository && |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit sample |
| ) && |
| |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global safe.directory "$(pwd)/repository" |
| ) && |
| git -C repository for-each-ref && |
| git -C repository/ for-each-ref && |
| git -C repo for-each-ref && |
| git -C repo/ for-each-ref && |
| test_must_fail git -C repository/.git for-each-ref && |
| test_must_fail git -C repository/.git/ for-each-ref && |
| test_must_fail git -C repo/.git for-each-ref && |
| test_must_fail git -C repo/.git/ for-each-ref |
| ' |
| |
| test_expect_success SYMLINKS 'checked leading paths are normalized' ' |
| test_when_finished "rm -rf repository; rm -f repo" && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global --unset-all safe.directory |
| ) && |
| mkdir -p repository && |
| git init repository/s && |
| ln -s repository repo && |
| ( |
| cd repository/s && |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit sample |
| ) && |
| |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global safe.directory "$(pwd)/repository/*" |
| ) && |
| git -C repository/s for-each-ref && |
| git -C repository/s/ for-each-ref && |
| git -C repo/s for-each-ref && |
| git -C repo/s/ for-each-ref && |
| git -C repository/s/.git for-each-ref && |
| git -C repository/s/.git/ for-each-ref && |
| git -C repo/s/.git for-each-ref && |
| git -C repo/s/.git/ for-each-ref |
| ' |
| |
| test_expect_success SYMLINKS 'configured paths are normalized' ' |
| test_when_finished "rm -rf repository; rm -f repo" && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global --unset-all safe.directory |
| ) && |
| git init repository && |
| ln -s repository repo && |
| ( |
| cd repository && |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit sample |
| ) && |
| |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global safe.directory "$(pwd)/repo" |
| ) && |
| git -C repository for-each-ref && |
| git -C repository/ for-each-ref && |
| git -C repo for-each-ref && |
| git -C repo/ for-each-ref && |
| test_must_fail git -C repository/.git for-each-ref && |
| test_must_fail git -C repository/.git/ for-each-ref && |
| test_must_fail git -C repo/.git for-each-ref && |
| test_must_fail git -C repo/.git/ for-each-ref |
| ' |
| |
| test_expect_success SYMLINKS 'configured leading paths are normalized' ' |
| test_when_finished "rm -rf repository; rm -f repo" && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global --unset-all safe.directory |
| ) && |
| mkdir -p repository && |
| git init repository/s && |
| ln -s repository repo && |
| ( |
| cd repository/s && |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit sample |
| ) && |
| |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global safe.directory "$(pwd)/repo/*" |
| ) && |
| git -C repository/s for-each-ref && |
| git -C repository/s/ for-each-ref && |
| git -C repository/s/.git for-each-ref && |
| git -C repository/s/.git/ for-each-ref && |
| git -C repo/s for-each-ref && |
| git -C repo/s/ for-each-ref && |
| git -C repo/s/.git for-each-ref && |
| git -C repo/s/.git/ for-each-ref |
| ' |
| |
| test_expect_success 'safe.directory set to a dot' ' |
| test_when_finished "rm -rf repository" && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global --unset-all safe.directory |
| ) && |
| mkdir -p repository/subdir && |
| git init repository && |
| ( |
| cd repository && |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit sample |
| ) && |
| |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global safe.directory "." |
| ) && |
| git -C repository for-each-ref && |
| git -C repository/ for-each-ref && |
| git -C repository/.git for-each-ref && |
| git -C repository/.git/ for-each-ref && |
| |
| # What is allowed is repository/subdir but the repository |
| # path is repository. |
| test_must_fail git -C repository/subdir for-each-ref && |
| |
| # Likewise, repository .git/refs is allowed with "." but |
| # repository/.git that is accessed is not allowed. |
| test_must_fail git -C repository/.git/refs for-each-ref |
| ' |
| |
| test_expect_success 'safe.directory set to asterisk' ' |
| test_when_finished "rm -rf repository" && |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global --unset-all safe.directory |
| ) && |
| mkdir -p repository/subdir && |
| git init repository && |
| ( |
| cd repository && |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| test_commit sample |
| ) && |
| |
| ( |
| sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER && |
| git config --global safe.directory "*" |
| ) && |
| # these are trivial |
| git -C repository for-each-ref && |
| git -C repository/ for-each-ref && |
| git -C repository/.git for-each-ref && |
| git -C repository/.git/ for-each-ref && |
| |
| # With "*", everything is allowed, and the repository is |
| # discovered, which is different behaviour from "." above. |
| git -C repository/subdir for-each-ref && |
| |
| # Likewise. |
| git -C repository/.git/refs for-each-ref |
| ' |
| |
| test_done |