diff options
Diffstat (limited to 'test/test_repo.py')
| -rw-r--r-- | test/test_repo.py | 143 | 
1 files changed, 143 insertions, 0 deletions
| diff --git a/test/test_repo.py b/test/test_repo.py index 6382db7e..5874dbe6 100644 --- a/test/test_repo.py +++ b/test/test_repo.py @@ -37,6 +37,8 @@ from git import (  )  from git.exc import (      BadObject, +    UnsafeOptionError, +    UnsafeProtocolError,  )  from git.repo.fun import touch  from test.lib import TestBase, with_rw_repo, fixture @@ -223,6 +225,7 @@ class TestRepo(TestBase):                  "--config submodule.repo.update=checkout",                  "--config filter.lfs.clean='git-lfs clean -- %f'",              ], +            allow_unsafe_options=True,          )          self.assertEqual(cloned.config_reader().get_value("submodule", "active"), "repo") @@ -264,6 +267,146 @@ class TestRepo(TestBase):          )      @with_rw_repo("HEAD") +    def test_clone_unsafe_options(self, rw_repo): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        tmp_file = tmp_dir / "pwn" +        unsafe_options = [ +            f"--upload-pack='touch {tmp_file}'", +            f"-u 'touch {tmp_file}'", +            "--config=protocol.ext.allow=always", +            "-c protocol.ext.allow=always", +        ] +        for unsafe_option in unsafe_options: +            with self.assertRaises(UnsafeOptionError): +                rw_repo.clone(tmp_dir, multi_options=[unsafe_option]) +            assert not tmp_file.exists() + +    @with_rw_repo("HEAD") +    def test_clone_unsafe_options_allowed(self, rw_repo): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        tmp_file = tmp_dir / "pwn" +        unsafe_options = [ +            f"--upload-pack='touch {tmp_file}'", +            f"-u 'touch {tmp_file}'", +        ] +        for i, unsafe_option in enumerate(unsafe_options): +            destination = tmp_dir / str(i) +            assert not tmp_file.exists() +            # The options will be allowed, but the command will fail. +            with self.assertRaises(GitCommandError): +                rw_repo.clone(destination, multi_options=[unsafe_option], allow_unsafe_options=True) +            assert tmp_file.exists() +            tmp_file.unlink() + +        unsafe_options = [ +            "--config=protocol.ext.allow=always", +            "-c protocol.ext.allow=always", +        ] +        for i, unsafe_option in enumerate(unsafe_options): +            destination = tmp_dir / str(i) +            assert not destination.exists() +            rw_repo.clone(destination, multi_options=[unsafe_option], allow_unsafe_options=True) +            assert destination.exists() + +    @with_rw_repo("HEAD") +    def test_clone_safe_options(self, rw_repo): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        options = [ +            "--depth=1", +            "--single-branch", +            "-q", +        ] +        for option in options: +            destination = tmp_dir / option +            assert not destination.exists() +            rw_repo.clone(destination, multi_options=[option]) +            assert destination.exists() + +    @with_rw_repo("HEAD") +    def test_clone_from_unsafe_options(self, rw_repo): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        tmp_file = tmp_dir / "pwn" +        unsafe_options = [ +            f"--upload-pack='touch {tmp_file}'", +            f"-u 'touch {tmp_file}'", +            "--config=protocol.ext.allow=always", +            "-c protocol.ext.allow=always", +        ] +        for unsafe_option in unsafe_options: +            with self.assertRaises(UnsafeOptionError): +                Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option]) +            assert not tmp_file.exists() + +    @with_rw_repo("HEAD") +    def test_clone_from_unsafe_options_allowed(self, rw_repo): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        tmp_file = tmp_dir / "pwn" +        unsafe_options = [ +            f"--upload-pack='touch {tmp_file}'", +            f"-u 'touch {tmp_file}'", +        ] +        for i, unsafe_option in enumerate(unsafe_options): +            destination = tmp_dir / str(i) +            assert not tmp_file.exists() +            # The options will be allowed, but the command will fail. +            with self.assertRaises(GitCommandError): +                Repo.clone_from( +                    rw_repo.working_dir, destination, multi_options=[unsafe_option], allow_unsafe_options=True +                ) +            assert tmp_file.exists() +            tmp_file.unlink() + +        unsafe_options = [ +            "--config=protocol.ext.allow=always", +            "-c protocol.ext.allow=always", +        ] +        for i, unsafe_option in enumerate(unsafe_options): +            destination = tmp_dir / str(i) +            assert not destination.exists() +            Repo.clone_from(rw_repo.working_dir, destination, multi_options=[unsafe_option], allow_unsafe_options=True) +            assert destination.exists() + +    @with_rw_repo("HEAD") +    def test_clone_from_safe_options(self, rw_repo): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        options = [ +            "--depth=1", +            "--single-branch", +            "-q", +        ] +        for option in options: +            destination = tmp_dir / option +            assert not destination.exists() +            Repo.clone_from(rw_repo.common_dir, destination, multi_options=[option]) +            assert destination.exists() + +    def test_clone_from_unsafe_procol(self): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        tmp_file = tmp_dir / "pwn" +        urls = [ +            f"ext::sh -c touch% {tmp_file}", +            "fd::17/foo", +        ] +        for url in urls: +            with self.assertRaises(UnsafeProtocolError): +                Repo.clone_from(url, tmp_dir) +            assert not tmp_file.exists() + +    def test_clone_from_unsafe_procol_allowed(self): +        tmp_dir = pathlib.Path(tempfile.mkdtemp()) +        tmp_file = tmp_dir / "pwn" +        urls = [ +            "ext::sh -c touch% /tmp/pwn", +            "fd::/foo", +        ] +        for url in urls: +            # The URL will be allowed into the command, but the command will +            # fail since we don't have that protocol enabled in the Git config file. +            with self.assertRaises(GitCommandError): +                Repo.clone_from(url, tmp_dir, allow_unsafe_protocols=True) +            assert not tmp_file.exists() + +    @with_rw_repo("HEAD")      def test_max_chunk_size(self, repo):          class TestOutputStream(TestBase):              def __init__(self, max_chunk_size): | 
