blob: e103fe710927ceaa9e04a75dd70f141a86c0a6dc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
#!/bin/sh
test_description='verify safe.directory checks'
. ./test-lib.sh
GIT_TEST_ASSUME_DIFFERENT_OWNER=1
export GIT_TEST_ASSUME_DIFFERENT_OWNER
expect_rejected_dir () {
test_must_fail git status 2>err &&
grep "dubious ownership" err
}
test_expect_success 'safe.directory is not set' '
expect_rejected_dir
'
test_expect_success 'safe.directory on the command line' '
git -c safe.directory="$(pwd)" status
'
test_expect_success 'safe.directory in the environment' '
env GIT_CONFIG_COUNT=1 \
GIT_CONFIG_KEY_0="safe.directory" \
GIT_CONFIG_VALUE_0="$(pwd)" \
git status
'
test_expect_success 'safe.directory in GIT_CONFIG_PARAMETERS' '
env GIT_CONFIG_PARAMETERS="${SQ}safe.directory${SQ}=${SQ}$(pwd)${SQ}" \
git status
'
test_expect_success 'ignoring safe.directory in repo config' '
(
unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config safe.directory "$(pwd)"
) &&
expect_rejected_dir
'
test_expect_success 'safe.directory does not match' '
git config --global safe.directory bogus &&
expect_rejected_dir
'
test_expect_success 'path exist as different key' '
git config --global foo.bar "$(pwd)" &&
expect_rejected_dir
'
test_expect_success 'safe.directory matches' '
git config --global --add safe.directory "$(pwd)" &&
git status
'
test_expect_success 'safe.directory matches, but is reset' '
git config --global --add safe.directory "" &&
expect_rejected_dir
'
test_expect_success 'safe.directory=*' '
git config --global --add safe.directory "*" &&
git status
'
test_expect_success 'safe.directory=*, but is reset' '
git config --global --add safe.directory "" &&
expect_rejected_dir
'
test_expect_success 'safe.directory with matching glob' '
git config --global --unset-all safe.directory &&
p=$(pwd) &&
git config --global safe.directory "${p%/*}/*" &&
git status
'
test_expect_success 'safe.directory with unmatching glob' '
git config --global --unset-all safe.directory &&
p=$(pwd) &&
git config --global safe.directory "${p%/*}no/*" &&
expect_rejected_dir
'
test_expect_success 'safe.directory in included file' '
git config --global --unset-all safe.directory &&
cat >gitconfig-include <<-EOF &&
[safe]
directory = "$(pwd)"
EOF
git config --global --add include.path "$(pwd)/gitconfig-include" &&
git status
'
test_expect_success 'local clone of unowned repo refused in unsafe directory' '
test_when_finished "rm -rf source" &&
git init source &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit -C source initial
) &&
test_must_fail git clone --local source target &&
test_path_is_missing target
'
test_expect_success 'local clone of unowned repo accepted in safe directory' '
test_when_finished "rm -rf source" &&
git init source &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit -C source initial
) &&
test_must_fail git clone --local source target &&
git config --global --add safe.directory "$(pwd)/source/.git" &&
git clone --local source target &&
test_path_is_dir target
'
test_expect_success SYMLINKS 'checked paths are normalized' '
test_when_finished "rm -rf repository; rm -f repo" &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global --unset-all safe.directory
) &&
git init repository &&
ln -s repository repo &&
(
cd repository &&
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit sample
) &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global safe.directory "$(pwd)/repository"
) &&
git -C repository for-each-ref &&
git -C repository/ for-each-ref &&
git -C repo for-each-ref &&
git -C repo/ for-each-ref &&
test_must_fail git -C repository/.git for-each-ref &&
test_must_fail git -C repository/.git/ for-each-ref &&
test_must_fail git -C repo/.git for-each-ref &&
test_must_fail git -C repo/.git/ for-each-ref
'
test_expect_success SYMLINKS 'checked leading paths are normalized' '
test_when_finished "rm -rf repository; rm -f repo" &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global --unset-all safe.directory
) &&
mkdir -p repository &&
git init repository/s &&
ln -s repository repo &&
(
cd repository/s &&
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit sample
) &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global safe.directory "$(pwd)/repository/*"
) &&
git -C repository/s for-each-ref &&
git -C repository/s/ for-each-ref &&
git -C repo/s for-each-ref &&
git -C repo/s/ for-each-ref &&
git -C repository/s/.git for-each-ref &&
git -C repository/s/.git/ for-each-ref &&
git -C repo/s/.git for-each-ref &&
git -C repo/s/.git/ for-each-ref
'
test_expect_success SYMLINKS 'configured paths are normalized' '
test_when_finished "rm -rf repository; rm -f repo" &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global --unset-all safe.directory
) &&
git init repository &&
ln -s repository repo &&
(
cd repository &&
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit sample
) &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global safe.directory "$(pwd)/repo"
) &&
git -C repository for-each-ref &&
git -C repository/ for-each-ref &&
git -C repo for-each-ref &&
git -C repo/ for-each-ref &&
test_must_fail git -C repository/.git for-each-ref &&
test_must_fail git -C repository/.git/ for-each-ref &&
test_must_fail git -C repo/.git for-each-ref &&
test_must_fail git -C repo/.git/ for-each-ref
'
test_expect_success SYMLINKS 'configured leading paths are normalized' '
test_when_finished "rm -rf repository; rm -f repo" &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global --unset-all safe.directory
) &&
mkdir -p repository &&
git init repository/s &&
ln -s repository repo &&
(
cd repository/s &&
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit sample
) &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global safe.directory "$(pwd)/repo/*"
) &&
git -C repository/s for-each-ref &&
git -C repository/s/ for-each-ref &&
git -C repository/s/.git for-each-ref &&
git -C repository/s/.git/ for-each-ref &&
git -C repo/s for-each-ref &&
git -C repo/s/ for-each-ref &&
git -C repo/s/.git for-each-ref &&
git -C repo/s/.git/ for-each-ref
'
test_expect_success 'safe.directory set to a dot' '
test_when_finished "rm -rf repository" &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global --unset-all safe.directory
) &&
mkdir -p repository/subdir &&
git init repository &&
(
cd repository &&
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit sample
) &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global safe.directory "."
) &&
git -C repository for-each-ref &&
git -C repository/ for-each-ref &&
git -C repository/.git for-each-ref &&
git -C repository/.git/ for-each-ref &&
# What is allowed is repository/subdir but the repository
# path is repository.
test_must_fail git -C repository/subdir for-each-ref &&
# Likewise, repository .git/refs is allowed with "." but
# repository/.git that is accessed is not allowed.
test_must_fail git -C repository/.git/refs for-each-ref
'
test_expect_success 'safe.directory set to asterisk' '
test_when_finished "rm -rf repository" &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global --unset-all safe.directory
) &&
mkdir -p repository/subdir &&
git init repository &&
(
cd repository &&
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit sample
) &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config --global safe.directory "*"
) &&
# these are trivial
git -C repository for-each-ref &&
git -C repository/ for-each-ref &&
git -C repository/.git for-each-ref &&
git -C repository/.git/ for-each-ref &&
# With "*", everything is allowed, and the repository is
# discovered, which is different behaviour from "." above.
git -C repository/subdir for-each-ref &&
# Likewise.
git -C repository/.git/refs for-each-ref
'
test_done
|
