|
22 | 22 | GitCommandError
|
23 | 23 | )
|
24 | 24 | from git.cmd import Git
|
| 25 | +from pathlib import path |
| 26 | +from git.exc import UnsafeOptionError, UnsafeProtocolError |
25 | 27 | from git.compat import string_types
|
26 | 28 | from git.test.lib import (
|
27 | 29 | TestBase,
|
@@ -646,3 +648,259 @@ def test_push_error(self, repo):
|
646 | 648 | rem = repo.remote('origin')
|
647 | 649 | with self.assertRaisesRegex(GitCommandError, "src refspec __BAD_REF__ does not match any"):
|
648 | 650 | rem.push('__BAD_REF__')
|
| 651 | + |
| 652 | + @with_rw_repo("HEAD") |
| 653 | + def test_set_unsafe_url(self, rw_repo): |
| 654 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 655 | + tmp_file = tmp_dir / "pwn" |
| 656 | + remote = rw_repo.remote("origin") |
| 657 | + urls = [ |
| 658 | + f"ext::sh -c touch% {tmp_file}", |
| 659 | + "fd::17/foo", |
| 660 | + ] |
| 661 | + for url in urls: |
| 662 | + with self.assertRaises(UnsafeProtocolError): |
| 663 | + remote.set_url(url) |
| 664 | + assert not tmp_file.exists() |
| 665 | + |
| 666 | + @with_rw_repo("HEAD") |
| 667 | + def test_set_unsafe_url_allowed(self, rw_repo): |
| 668 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 669 | + tmp_file = tmp_dir / "pwn" |
| 670 | + remote = rw_repo.remote("origin") |
| 671 | + urls = [ |
| 672 | + f"ext::sh -c touch% {tmp_file}", |
| 673 | + "fd::17/foo", |
| 674 | + ] |
| 675 | + for url in urls: |
| 676 | + remote.set_url(url, allow_unsafe_protocols=True) |
| 677 | + assert list(remote.urls)[-1] == url |
| 678 | + assert not tmp_file.exists() |
| 679 | + |
| 680 | + @with_rw_repo("HEAD") |
| 681 | + def test_add_unsafe_url(self, rw_repo): |
| 682 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 683 | + tmp_file = tmp_dir / "pwn" |
| 684 | + remote = rw_repo.remote("origin") |
| 685 | + urls = [ |
| 686 | + f"ext::sh -c touch% {tmp_file}", |
| 687 | + "fd::17/foo", |
| 688 | + ] |
| 689 | + for url in urls: |
| 690 | + with self.assertRaises(UnsafeProtocolError): |
| 691 | + remote.add_url(url) |
| 692 | + assert not tmp_file.exists() |
| 693 | + |
| 694 | + @with_rw_repo("HEAD") |
| 695 | + def test_add_unsafe_url_allowed(self, rw_repo): |
| 696 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 697 | + tmp_file = tmp_dir / "pwn" |
| 698 | + remote = rw_repo.remote("origin") |
| 699 | + urls = [ |
| 700 | + f"ext::sh -c touch% {tmp_file}", |
| 701 | + "fd::17/foo", |
| 702 | + ] |
| 703 | + for url in urls: |
| 704 | + remote.add_url(url, allow_unsafe_protocols=True) |
| 705 | + assert list(remote.urls)[-1] == url |
| 706 | + assert not tmp_file.exists() |
| 707 | + |
| 708 | + @with_rw_repo("HEAD") |
| 709 | + def test_create_remote_unsafe_url(self, rw_repo): |
| 710 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 711 | + tmp_file = tmp_dir / "pwn" |
| 712 | + urls = [ |
| 713 | + f"ext::sh -c touch% {tmp_file}", |
| 714 | + "fd::17/foo", |
| 715 | + ] |
| 716 | + for url in urls: |
| 717 | + with self.assertRaises(UnsafeProtocolError): |
| 718 | + Remote.create(rw_repo, "origin", url) |
| 719 | + assert not tmp_file.exists() |
| 720 | + |
| 721 | + @with_rw_repo("HEAD") |
| 722 | + def test_create_remote_unsafe_url_allowed(self, rw_repo): |
| 723 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 724 | + tmp_file = tmp_dir / "pwn" |
| 725 | + urls = [ |
| 726 | + f"ext::sh -c touch% {tmp_file}", |
| 727 | + "fd::17/foo", |
| 728 | + ] |
| 729 | + for i, url in enumerate(urls): |
| 730 | + remote = Remote.create(rw_repo, f"origin{i}", url, allow_unsafe_protocols=True) |
| 731 | + assert remote.url == url |
| 732 | + assert not tmp_file.exists() |
| 733 | + |
| 734 | + @with_rw_repo("HEAD") |
| 735 | + def test_fetch_unsafe_url(self, rw_repo): |
| 736 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 737 | + tmp_file = tmp_dir / "pwn" |
| 738 | + remote = rw_repo.remote("origin") |
| 739 | + urls = [ |
| 740 | + f"ext::sh -c touch% {tmp_file}", |
| 741 | + "fd::17/foo", |
| 742 | + ] |
| 743 | + for url in urls: |
| 744 | + with self.assertRaises(UnsafeProtocolError): |
| 745 | + remote.fetch(url) |
| 746 | + assert not tmp_file.exists() |
| 747 | + |
| 748 | + @with_rw_repo("HEAD") |
| 749 | + def test_fetch_unsafe_url_allowed(self, rw_repo): |
| 750 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 751 | + tmp_file = tmp_dir / "pwn" |
| 752 | + remote = rw_repo.remote("origin") |
| 753 | + urls = [ |
| 754 | + f"ext::sh -c touch% {tmp_file}", |
| 755 | + "fd::17/foo", |
| 756 | + ] |
| 757 | + for url in urls: |
| 758 | + # The URL will be allowed into the command, but the command will |
| 759 | + # fail since we don't have that protocol enabled in the Git config file. |
| 760 | + with self.assertRaises(GitCommandError): |
| 761 | + remote.fetch(url, allow_unsafe_protocols=True) |
| 762 | + assert not tmp_file.exists() |
| 763 | + |
| 764 | + @with_rw_repo("HEAD") |
| 765 | + def test_fetch_unsafe_options(self, rw_repo): |
| 766 | + remote = rw_repo.remote("origin") |
| 767 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 768 | + tmp_file = tmp_dir / "pwn" |
| 769 | + unsafe_options = [{"upload-pack": f"touch {tmp_file}"}] |
| 770 | + for unsafe_option in unsafe_options: |
| 771 | + with self.assertRaises(UnsafeOptionError): |
| 772 | + remote.fetch(**unsafe_option) |
| 773 | + assert not tmp_file.exists() |
| 774 | + |
| 775 | + @with_rw_repo("HEAD") |
| 776 | + def test_fetch_unsafe_options_allowed(self, rw_repo): |
| 777 | + remote = rw_repo.remote("origin") |
| 778 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 779 | + tmp_file = tmp_dir / "pwn" |
| 780 | + unsafe_options = [{"upload-pack": f"touch {tmp_file}"}] |
| 781 | + for unsafe_option in unsafe_options: |
| 782 | + # The options will be allowed, but the command will fail. |
| 783 | + assert not tmp_file.exists() |
| 784 | + with self.assertRaises(GitCommandError): |
| 785 | + remote.fetch(**unsafe_option, allow_unsafe_options=True) |
| 786 | + assert tmp_file.exists() |
| 787 | + |
| 788 | + @with_rw_repo("HEAD") |
| 789 | + def test_pull_unsafe_url(self, rw_repo): |
| 790 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 791 | + tmp_file = tmp_dir / "pwn" |
| 792 | + remote = rw_repo.remote("origin") |
| 793 | + urls = [ |
| 794 | + f"ext::sh -c touch% {tmp_file}", |
| 795 | + "fd::17/foo", |
| 796 | + ] |
| 797 | + for url in urls: |
| 798 | + with self.assertRaises(UnsafeProtocolError): |
| 799 | + remote.pull(url) |
| 800 | + assert not tmp_file.exists() |
| 801 | + |
| 802 | + @with_rw_repo("HEAD") |
| 803 | + def test_pull_unsafe_url_allowed(self, rw_repo): |
| 804 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 805 | + tmp_file = tmp_dir / "pwn" |
| 806 | + remote = rw_repo.remote("origin") |
| 807 | + urls = [ |
| 808 | + f"ext::sh -c touch% {tmp_file}", |
| 809 | + "fd::17/foo", |
| 810 | + ] |
| 811 | + for url in urls: |
| 812 | + # The URL will be allowed into the command, but the command will |
| 813 | + # fail since we don't have that protocol enabled in the Git config file. |
| 814 | + with self.assertRaises(GitCommandError): |
| 815 | + remote.pull(url, allow_unsafe_protocols=True) |
| 816 | + assert not tmp_file.exists() |
| 817 | + |
| 818 | + @with_rw_repo("HEAD") |
| 819 | + def test_pull_unsafe_options(self, rw_repo): |
| 820 | + remote = rw_repo.remote("origin") |
| 821 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 822 | + tmp_file = tmp_dir / "pwn" |
| 823 | + unsafe_options = [{"upload-pack": f"touch {tmp_file}"}] |
| 824 | + for unsafe_option in unsafe_options: |
| 825 | + with self.assertRaises(UnsafeOptionError): |
| 826 | + remote.pull(**unsafe_option) |
| 827 | + assert not tmp_file.exists() |
| 828 | + |
| 829 | + @with_rw_repo("HEAD") |
| 830 | + def test_pull_unsafe_options_allowed(self, rw_repo): |
| 831 | + remote = rw_repo.remote("origin") |
| 832 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 833 | + tmp_file = tmp_dir / "pwn" |
| 834 | + unsafe_options = [{"upload-pack": f"touch {tmp_file}"}] |
| 835 | + for unsafe_option in unsafe_options: |
| 836 | + # The options will be allowed, but the command will fail. |
| 837 | + assert not tmp_file.exists() |
| 838 | + with self.assertRaises(GitCommandError): |
| 839 | + remote.pull(**unsafe_option, allow_unsafe_options=True) |
| 840 | + assert tmp_file.exists() |
| 841 | + |
| 842 | + @with_rw_repo("HEAD") |
| 843 | + def test_push_unsafe_url(self, rw_repo): |
| 844 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 845 | + tmp_file = tmp_dir / "pwn" |
| 846 | + remote = rw_repo.remote("origin") |
| 847 | + urls = [ |
| 848 | + f"ext::sh -c touch% {tmp_file}", |
| 849 | + "fd::17/foo", |
| 850 | + ] |
| 851 | + for url in urls: |
| 852 | + with self.assertRaises(UnsafeProtocolError): |
| 853 | + remote.push(url) |
| 854 | + assert not tmp_file.exists() |
| 855 | + |
| 856 | + @with_rw_repo("HEAD") |
| 857 | + def test_push_unsafe_url_allowed(self, rw_repo): |
| 858 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 859 | + tmp_file = tmp_dir / "pwn" |
| 860 | + remote = rw_repo.remote("origin") |
| 861 | + urls = [ |
| 862 | + f"ext::sh -c touch% {tmp_file}", |
| 863 | + "fd::17/foo", |
| 864 | + ] |
| 865 | + for url in urls: |
| 866 | + # The URL will be allowed into the command, but the command will |
| 867 | + # fail since we don't have that protocol enabled in the Git config file. |
| 868 | + with self.assertRaises(GitCommandError): |
| 869 | + remote.push(url, allow_unsafe_protocols=True) |
| 870 | + assert not tmp_file.exists() |
| 871 | + |
| 872 | + @with_rw_repo("HEAD") |
| 873 | + def test_push_unsafe_options(self, rw_repo): |
| 874 | + remote = rw_repo.remote("origin") |
| 875 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 876 | + tmp_file = tmp_dir / "pwn" |
| 877 | + unsafe_options = [ |
| 878 | + { |
| 879 | + "receive-pack": f"touch {tmp_file}", |
| 880 | + "exec": f"touch {tmp_file}", |
| 881 | + } |
| 882 | + ] |
| 883 | + for unsafe_option in unsafe_options: |
| 884 | + assert not tmp_file.exists() |
| 885 | + with self.assertRaises(UnsafeOptionError): |
| 886 | + remote.push(**unsafe_option) |
| 887 | + assert not tmp_file.exists() |
| 888 | + |
| 889 | + @with_rw_repo("HEAD") |
| 890 | + def test_push_unsafe_options_allowed(self, rw_repo): |
| 891 | + remote = rw_repo.remote("origin") |
| 892 | + tmp_dir = Path(tempfile.mkdtemp()) |
| 893 | + tmp_file = tmp_dir / "pwn" |
| 894 | + unsafe_options = [ |
| 895 | + { |
| 896 | + "receive-pack": f"touch {tmp_file}", |
| 897 | + "exec": f"touch {tmp_file}", |
| 898 | + } |
| 899 | + ] |
| 900 | + for unsafe_option in unsafe_options: |
| 901 | + # The options will be allowed, but the command will fail. |
| 902 | + assert not tmp_file.exists() |
| 903 | + with self.assertRaises(GitCommandError): |
| 904 | + remote.push(**unsafe_option, allow_unsafe_options=True) |
| 905 | + assert tmp_file.exists() |
| 906 | + tmp_file.unlink() |
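Review bot: Every test in this hunk calls `Path(tempfile.mkdtemp())`, but the import added at new line 25 is `from pathlib import path`; `pathlib` exports no lowercase `path`, so the module fails at import and none of these regression tests run. It should read `from pathlib import Path`. No `import tempfile` appears among the visible import lines either, so confirm it exists further up the file. In `test_push_unsafe_options` a single dict carries both `receive-pack` and `exec`, so `assertRaises(UnsafeOptionError)` passes as soon as either one is rejected; separate entries, `[{"receive-pack": ...}, {"exec": ...}]`, would check each option on its own. The `mkdtemp()` directories are never removed, and only the push `_allowed` test unlinks the marker file it lets git create.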