def test_has_initial_commit_fail_notAGitDir(): tmp = maketemp() e = assert_raises( repository.GitRevParseError, repository.has_initial_commit, git_dir=tmp) eq(str(e), 'rev-parse failed: exit status 128')
def test_bad_unsafeArguments_badCharacters(): cfg = RawConfigParser() e = assert_raises( dcontrol.UnsafeArgumentsError, dcontrol.serve, cfg=cfg, user="******", command="git-upload-pack 'ev!l'" ) eq(str(e), "Arguments to command look dangerous") assert isinstance(e, dcontrol.ServingError)
def test_bad_unsafeArguments_dotdot(): cfg = RawConfigParser() e = assert_raises( serve.UnsafeArgumentsError, serve.serve, cfg=cfg, user="******", command="git-upload-pack 'something/../evil'" ) eq(str(e), "Arguments to command look dangerous") assert isinstance(e, serve.ServingError)
def test_ssh_extract_user_bad(): e = assert_raises( init.InsecureSSHKeyUsername, init.ssh_extract_user, 'ssh-somealgo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' + 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' + 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' + 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%') eq(str(e), "Username contains not allowed characters: 'ER3%#@e%'")
def test_bad_forbiddenCommand_write_noAccess_space(): cfg = RawConfigParser() e = assert_raises(serve.ReadAccessDenied, serve.serve, cfg=cfg, user="******", command="git receive-pack 'foo'") # error message talks about read in an effort to make it more # obvious that jdoe doesn't have *even* read access eq(str(e), "Repository read access denied") assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_ssh_extract_user_bad(): e = assert_raises( init.InsecureSSHKeyUsername, init.ssh_extract_user, 'ssh-somealgo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%') eq(str(e), "Username contains not allowed characters: 'ER3%#@e%'")
def test_bad_forbiddenCommand_write_readAccess_space(): cfg = RawConfigParser() cfg.add_section("group foo") cfg.set("group foo", "members", "jdoe") cfg.set("group foo", "readonly", "foo") e = assert_raises(serve.WriteAccessDenied, serve.serve, cfg=cfg, user="******", command="git receive-pack 'foo'") eq(str(e), "Repository write access denied") assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_bad_space_noargs(): cfg = RawConfigParser() e = assert_raises( serve.UnknownCommandError, serve.serve, cfg=cfg, user='******', command='git upload-pack', ) eq(str(e), 'Unknown command denied') assert isinstance(e, serve.ServingError)
def test_bad_command(): cfg = RawConfigParser() e = assert_raises( serve.UnknownCommandError, serve.serve, cfg=cfg, user='******', command="evil 'foo'", ) eq(str(e), 'Unknown command denied') assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_badCharacters(): cfg = RawConfigParser() e = assert_raises( serve.UnsafeArgumentsError, serve.serve, cfg=cfg, user='******', command="git-upload-pack 'ev!l'", ) eq(str(e), 'Arguments to command look dangerous') assert isinstance(e, serve.ServingError)
def test_bad_newLine(): cfg = RawConfigParser() e = assert_raises( serve.CommandMayNotContainNewlineError, serve.serve, cfg=cfg, user='******', command='ev\nil', ) eq(str(e), 'Command may not contain newline') assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_dotdot(): cfg = RawConfigParser() e = assert_raises( serve.UnsafeArgumentsError, serve.serve, cfg=cfg, user='******', command="git-upload-pack 'something/../evil'", ) eq(str(e), 'Arguments to command look dangerous') assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read_space(): cfg = RawConfigParser() e = assert_raises( serve.ReadAccessDenied, serve.serve, cfg=cfg, user='******', command="git upload-pack 'foo'", ) eq(str(e), 'Repository read access denied') assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read_dash(): cfg = RawConfigParser() e = assert_raises( serve.ReadAccessDenied, serve.serve, cfg=cfg, user='******', command="git-upload-pack 'foo'", ) eq(str(e), 'Repository read access denied') assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_bad_command(): cfg = RawConfigParser() cfg.add_section('rsp') cfg.set('rsp', 'haveAccessURL', 'example.org') e = assert_raises( serve.UnknownCommandError, serve.serve, cfg=cfg, user='******', command="evil 'foo'", ) eq(str(e), 'Unknown command denied') assert isinstance(e, serve.ServingError)
def test_bad_newLine(): cfg = RawConfigParser() cfg.add_section('rsp') cfg.set('rsp', 'haveAccessURL', 'example.org') e = assert_raises( serve.CommandMayNotContainNewlineError, serve.serve, cfg=cfg, user='******', command='ev\nil', ) eq(str(e), 'Command may not contain newline') assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_dotdot(): cfg = RawConfigParser() cfg.add_section('rsp') cfg.set('rsp', 'haveAccessURL', 'example.org') e = assert_raises( serve.UnsafeArgumentsError, serve.serve, cfg=cfg, user='******', command="git-upload-pack 'something/../evil'", ) eq(str(e), 'Arguments to command look dangerous') assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read_space(): cfg = RawConfigParser() cfg.add_section('rsp') cfg.set('rsp', 'haveAccessURL', 'example.org') e = assert_raises( serve.ReadAccessDenied, serve.serve, cfg=cfg, user='******', command="git upload-pack 'foo'", ) eq(str(e), 'Repository read access denied') assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_noAccess_space(): cfg = RawConfigParser() e = assert_raises( serve.ReadAccessDenied, serve.serve, cfg=cfg, user='******', command="git receive-pack 'foo'", ) # error message talks about read in an effort to make it more # obvious that jdoe doesn't have *even* read access eq(str(e), 'Repository read access denied') assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_readAccess_space(): cfg = RawConfigParser() cfg.add_section('group foo') cfg.set('group foo', 'members', 'jdoe') cfg.set('group foo', 'readonly', 'foo') e = assert_raises( serve.WriteAccessDenied, serve.serve, cfg=cfg, user='******', command="git receive-pack 'foo'", ) eq(str(e), 'Repository write access denied') assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_noAccess_space(): cfg = RawConfigParser() cfg.add_section('rsp') cfg.set('rsp', 'haveAccessURL', 'example.org') e = assert_raises( serve.ReadAccessDenied, serve.serve, cfg=cfg, user='******', command="git receive-pack 'foo'", ) # error message talks about read in an effort to make it more # obvious that jdoe doesn't have *even* read access eq(str(e), 'Repository read access denied') assert isinstance(e, serve.AccessDenied) assert isinstance(e, serve.ServingError)
def test_read_inits_if_needed_without_init_permission(): # a clone of a non-existent repository (but where config # authorizes you to do that) will create the repository on the fly tmp = util.maketemp() cfg = RawConfigParser() cfg.add_section('gitosis') repositories = os.path.join(tmp, 'repositories') os.mkdir(repositories) cfg.set('gitosis', 'repositories', repositories) generated = os.path.join(tmp, 'generated') os.mkdir(generated) cfg.set('gitosis', 'generate-files-in', generated) cfg.add_section('group foo') cfg.set('group foo', 'members', 'jdoe') cfg.set('group foo', 'readonly', 'foo') e = assert_raises( serve.InitAccessDenied, serve.serve, cfg=cfg, user='******', command="git-upload-pack 'foo'", ) eq(str(e), 'Repository write access denied') assert isinstance(e, serve.InitAccessDenied)
def test_bad_forbiddenCommand_read_space(): cfg = RawConfigParser() e = assert_raises(dcontrol.ReadAccessDenied, dcontrol.serve, cfg=cfg, user="******", command="git upload-pack 'foo'") eq(str(e), "Repository read access denied") assert isinstance(e, dcontrol.AccessDenied) assert isinstance(e, dcontrol.ServingError)
def test_bad_space_noargs(): cfg = RawConfigParser() e = assert_raises(dcontrol.UnknownCommandError, dcontrol.serve, cfg=cfg, user="******", command="git upload-pack") eq(str(e), "Unknown command denied") assert isinstance(e, dcontrol.ServingError)
def test_bad_command(): cfg = RawConfigParser() e = assert_raises(dcontrol.UnknownCommandError, dcontrol.serve, cfg=cfg, user="******", command="evil 'foo'") eq(str(e), "Unknown command denied") assert isinstance(e, dcontrol.ServingError)
def test_bad_newLine(): cfg = RawConfigParser() e = assert_raises(dcontrol.CommandMayNotContainNewlineError, dcontrol.serve, cfg=cfg, user="******", command="ev\nil") eq(str(e), "Command may not contain newline") assert isinstance(e, dcontrol.ServingError)
def test_bad_dash_noargs(): cfg = RawConfigParser() e = assert_raises(serve.UnknownCommandError, serve.serve, cfg=cfg, user="******", command="git-upload-pack") eq(str(e), "Unknown command denied") assert isinstance(e, serve.ServingError)