Give ArgumentSafety traits; test *_as_argument methods

EliahKagan · EliahKagan · commit 1b0af07ffa12 · 2024-04-12T19:30:32.000Z
The three new `Url::*_as_argument` methods were only tested
indirectly before (and the path one not at all). This adds tests
for them so they have the same direct coverage as the corresponding
`*_argument_safe` methods.

The `Debug` and `PartialEq` traits added to `ArgumentSafety` are
primarily added to allow the new assertions to be written in a more
streamlined way (without matching).
diff --git a/gix-url/src/lib.rs b/gix-url/src/lib.rs
@@ -66,6 +66,7 @@ pub fn expand_path(user: Option<&expand_path::ForUser>, path: &BStr) -> Result<P
 ///
 /// This type only expresses known *syntactic* risk. It does not cover other risks, such as passing a personal access
 /// token as a username rather than a password in an application that logs usernames.
+#[derive(Debug, PartialEq)]
 pub enum ArgumentSafety<T> {
     /// May be safe. There is nothing to pass, so there is nothing dangerous.
     Absent,
diff --git a/gix-url/tests/access/mod.rs b/gix-url/tests/access/mod.rs
@@ -30,6 +30,8 @@ mod canonicalized {
     }
 }
 
+use gix_url::ArgumentSafety;
+
 #[test]
 fn user() -> crate::Result {
     let mut url = gix_url::parse("https://user:password@host/path".into())?;
@@ -53,81 +55,108 @@ fn password() -> crate::Result {
 }
 
 #[test]
-fn user_argument_safe() -> crate::Result {
+fn user_argument_safety() -> crate::Result {
     let url = gix_url::parse("ssh://-Fconfigfile@foo/bar".into())?;
 
     assert_eq!(url.user(), Some("-Fconfigfile"));
+    assert_eq!(url.user_as_argument(), ArgumentSafety::Dangerous("-Fconfigfile"));
     assert_eq!(url.user_argument_safe(), None); // An unsafe username is blocked.
 
     assert_eq!(url.host(), Some("foo"));
+    assert_eq!(url.host_as_argument(), ArgumentSafety::Usable("foo"));
     assert_eq!(url.host_argument_safe(), Some("foo"));
 
     assert_eq!(url.path, "/bar");
+    assert_eq!(url.path_as_argument(), ArgumentSafety::Usable("/bar".into()));
     assert_eq!(url.path_argument_safe(), Some("/bar".into()));
 
     Ok(())
 }
 
 #[test]
-fn host_argument_safe() -> crate::Result {
+fn host_argument_safety() -> crate::Result {
     let url = gix_url::parse("ssh://-oProxyCommand=open$IFS-aCalculator/foo".into())?;
 
     assert_eq!(url.user(), None);
+    assert_eq!(url.user_as_argument(), ArgumentSafety::Absent);
     assert_eq!(url.user_argument_safe(), None); // As there is no user. See all_argument_safe_valid().
 
     assert_eq!(url.host(), Some("-oProxyCommand=open$IFS-aCalculator"));
+    assert_eq!(
+        url.host_as_argument(),
+        ArgumentSafety::Dangerous("-oProxyCommand=open$IFS-aCalculator")
+    );
     assert_eq!(url.host_argument_safe(), None); // An unsafe host string is blocked.
 
     assert_eq!(url.path, "/foo");
+    assert_eq!(url.path_as_argument(), ArgumentSafety::Usable("/foo".into()));
     assert_eq!(url.path_argument_safe(), Some("/foo".into()));
 
     Ok(())
 }
 
 #[test]
-fn path_argument_safe() -> crate::Result {
+fn path_argument_safety() -> crate::Result {
     let url = gix_url::parse("ssh://foo/-oProxyCommand=open$IFS-aCalculator".into())?;
 
     assert_eq!(url.user(), None);
+    assert_eq!(url.user_as_argument(), ArgumentSafety::Absent);
     assert_eq!(url.user_argument_safe(), None); // As there is no user. See all_argument_safe_valid().
 
     assert_eq!(url.host(), Some("foo"));
+    assert_eq!(url.host_as_argument(), ArgumentSafety::Usable("foo"));
     assert_eq!(url.host_argument_safe(), Some("foo"));
 
     assert_eq!(url.path, "/-oProxyCommand=open$IFS-aCalculator");
+    assert_eq!(
+        url.path_as_argument(),
+        ArgumentSafety::Dangerous("/-oProxyCommand=open$IFS-aCalculator".into())
+    );
     assert_eq!(url.path_argument_safe(), None); // An unsafe path is blocked.
 
     Ok(())
 }
 
 #[test]
-fn all_argument_safe_allowed() -> crate::Result {
+fn all_argument_safety_safe() -> crate::Result {
     let url = gix_url::parse("ssh://user.name@example.com/path/to/file".into())?;
 
     assert_eq!(url.user(), Some("user.name"));
+    assert_eq!(url.user_as_argument(), ArgumentSafety::Usable("user.name"));
     assert_eq!(url.user_argument_safe(), Some("user.name"));
 
     assert_eq!(url.host(), Some("example.com"));
+    assert_eq!(url.host_as_argument(), ArgumentSafety::Usable("example.com"));
     assert_eq!(url.host_argument_safe(), Some("example.com"));
 
     assert_eq!(url.path, "/path/to/file");
+    assert_eq!(url.path_as_argument(), ArgumentSafety::Usable("/path/to/file".into()));
     assert_eq!(url.path_argument_safe(), Some("/path/to/file".into()));
 
     Ok(())
 }
 
 #[test]
-fn all_argument_safe_disallowed() -> crate::Result {
+fn all_argument_safety_not_safe() -> crate::Result {
     let all_bad = "ssh://-Fconfigfile@-oProxyCommand=open$IFS-aCalculator/-oProxyCommand=open$IFS-aCalculator";
     let url = gix_url::parse(all_bad.into())?;
 
     assert_eq!(url.user(), Some("-Fconfigfile"));
+    assert_eq!(url.user_as_argument(), ArgumentSafety::Dangerous("-Fconfigfile"));
     assert_eq!(url.user_argument_safe(), None); // An unsafe username is blocked.
 
     assert_eq!(url.host(), Some("-oProxyCommand=open$IFS-aCalculator"));
+    assert_eq!(
+        url.host_as_argument(),
+        ArgumentSafety::Dangerous("-oProxyCommand=open$IFS-aCalculator")
+    );
     assert_eq!(url.host_argument_safe(), None); // An unsafe host string is blocked.
 
     assert_eq!(url.path, "/-oProxyCommand=open$IFS-aCalculator");
+    assert_eq!(
+        url.path_as_argument(),
+        ArgumentSafety::Dangerous("/-oProxyCommand=open$IFS-aCalculator".into())
+    );
     assert_eq!(url.path_argument_safe(), None); // An unsafe path is blocked.
 
     Ok(())
