def test_has_initial_commit_fail_notAGitDir():
tmp = maketemp()
e = assert_raises(
repository.GitRevParseError,
repository.has_initial_commit,
git_dir=tmp)
eq(str(e), 'rev-parse failed: exit status 128')
def test_bad_unsafeArguments_badCharacters():
cfg = RawConfigParser()
e = assert_raises(
dcontrol.UnsafeArgumentsError, dcontrol.serve, cfg=cfg, user="******", command="git-upload-pack 'ev!l'"
)
eq(str(e), "Arguments to command look dangerous")
assert isinstance(e, dcontrol.ServingError)
def test_bad_unsafeArguments_dotdot():
cfg = RawConfigParser()
e = assert_raises(
serve.UnsafeArgumentsError, serve.serve, cfg=cfg, user="******", command="git-upload-pack 'something/../evil'"
)
eq(str(e), "Arguments to command look dangerous")
assert isinstance(e, serve.ServingError)
def test_has_initial_commit_fail_notAGitDir():
tmp = maketemp()
e = assert_raises(
repository.GitRevParseError,
repository.has_initial_commit,
git_dir=tmp)
eq(str(e), 'rev-parse failed: exit status 128')
def test_ssh_extract_user_bad():
e = assert_raises(
init.InsecureSSHKeyUsername, init.ssh_extract_user,
'ssh-somealgo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%')
eq(str(e), "Username contains not allowed characters: 'ER3%#@e%'")
def test_bad_forbiddenCommand_write_noAccess_space():
cfg = RawConfigParser()
e = assert_raises(serve.ReadAccessDenied, serve.serve, cfg=cfg, user="******", command="git receive-pack 'foo'")
# error message talks about read in an effort to make it more
# obvious that jdoe doesn't have *even* read access
eq(str(e), "Repository read access denied")
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_ssh_extract_user_bad():
e = assert_raises(
init.InsecureSSHKeyUsername,
init.ssh_extract_user,
'ssh-somealgo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%')
eq(str(e), "Username contains not allowed characters: 'ER3%#@e%'")
def test_bad_forbiddenCommand_write_readAccess_space():
cfg = RawConfigParser()
cfg.add_section("group foo")
cfg.set("group foo", "members", "jdoe")
cfg.set("group foo", "readonly", "foo")
e = assert_raises(serve.WriteAccessDenied, serve.serve, cfg=cfg, user="******", command="git receive-pack 'foo'")
eq(str(e), "Repository write access denied")
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_space_noargs():
cfg = RawConfigParser()
e = assert_raises(
serve.UnknownCommandError,
serve.serve,
cfg=cfg,
user='******',
command='git upload-pack',
)
eq(str(e), 'Unknown command denied')
assert isinstance(e, serve.ServingError)
def test_bad_space_noargs():
cfg = RawConfigParser()
e = assert_raises(
serve.UnknownCommandError,
serve.serve,
cfg=cfg,
user='******',
command='git upload-pack',
)
eq(str(e), 'Unknown command denied')
assert isinstance(e, serve.ServingError)
def test_bad_command():
cfg = RawConfigParser()
e = assert_raises(
serve.UnknownCommandError,
serve.serve,
cfg=cfg,
user='******',
command="evil 'foo'",
)
eq(str(e), 'Unknown command denied')
assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_badCharacters():
cfg = RawConfigParser()
e = assert_raises(
serve.UnsafeArgumentsError,
serve.serve,
cfg=cfg,
user='******',
command="git-upload-pack 'ev!l'",
)
eq(str(e), 'Arguments to command look dangerous')
assert isinstance(e, serve.ServingError)
def test_bad_command():
cfg = RawConfigParser()
e = assert_raises(
serve.UnknownCommandError,
serve.serve,
cfg=cfg,
user='******',
command="evil 'foo'",
)
eq(str(e), 'Unknown command denied')
assert isinstance(e, serve.ServingError)
def test_bad_newLine():
cfg = RawConfigParser()
e = assert_raises(
serve.CommandMayNotContainNewlineError,
serve.serve,
cfg=cfg,
user='******',
command='ev\nil',
)
eq(str(e), 'Command may not contain newline')
assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_dotdot():
cfg = RawConfigParser()
e = assert_raises(
serve.UnsafeArgumentsError,
serve.serve,
cfg=cfg,
user='******',
command="git-upload-pack 'something/../evil'",
)
eq(str(e), 'Arguments to command look dangerous')
assert isinstance(e, serve.ServingError)
def test_bad_newLine():
cfg = RawConfigParser()
e = assert_raises(
serve.CommandMayNotContainNewlineError,
serve.serve,
cfg=cfg,
user='******',
command='ev\nil',
)
eq(str(e), 'Command may not contain newline')
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read_space():
cfg = RawConfigParser()
e = assert_raises(
serve.ReadAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git upload-pack 'foo'",
)
eq(str(e), 'Repository read access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read_dash():
cfg = RawConfigParser()
e = assert_raises(
serve.ReadAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git-upload-pack 'foo'",
)
eq(str(e), 'Repository read access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_command():
cfg = RawConfigParser()
cfg.add_section('rsp')
cfg.set('rsp', 'haveAccessURL', 'example.org')
e = assert_raises(
serve.UnknownCommandError,
serve.serve,
cfg=cfg,
user='******',
command="evil 'foo'",
)
eq(str(e), 'Unknown command denied')
assert isinstance(e, serve.ServingError)
def test_bad_newLine():
cfg = RawConfigParser()
cfg.add_section('rsp')
cfg.set('rsp', 'haveAccessURL', 'example.org')
e = assert_raises(
serve.CommandMayNotContainNewlineError,
serve.serve,
cfg=cfg,
user='******',
command='ev\nil',
)
eq(str(e), 'Command may not contain newline')
assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_dotdot():
cfg = RawConfigParser()
cfg.add_section('rsp')
cfg.set('rsp', 'haveAccessURL', 'example.org')
e = assert_raises(
serve.UnsafeArgumentsError,
serve.serve,
cfg=cfg,
user='******',
command="git-upload-pack 'something/../evil'",
)
eq(str(e), 'Arguments to command look dangerous')
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read_space():
cfg = RawConfigParser()
cfg.add_section('rsp')
cfg.set('rsp', 'haveAccessURL', 'example.org')
e = assert_raises(
serve.ReadAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git upload-pack 'foo'",
)
eq(str(e), 'Repository read access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_noAccess_space():
cfg = RawConfigParser()
e = assert_raises(
serve.ReadAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git receive-pack 'foo'",
)
# error message talks about read in an effort to make it more
# obvious that jdoe doesn't have *even* read access
eq(str(e), 'Repository read access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_readAccess_space():
cfg = RawConfigParser()
cfg.add_section('group foo')
cfg.set('group foo', 'members', 'jdoe')
cfg.set('group foo', 'readonly', 'foo')
e = assert_raises(
serve.WriteAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git receive-pack 'foo'",
)
eq(str(e), 'Repository write access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_readAccess_space():
cfg = RawConfigParser()
cfg.add_section('group foo')
cfg.set('group foo', 'members', 'jdoe')
cfg.set('group foo', 'readonly', 'foo')
e = assert_raises(
serve.WriteAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git receive-pack 'foo'",
)
eq(str(e), 'Repository write access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_write_noAccess_space():
cfg = RawConfigParser()
cfg.add_section('rsp')
cfg.set('rsp', 'haveAccessURL', 'example.org')
e = assert_raises(
serve.ReadAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git receive-pack 'foo'",
)
# error message talks about read in an effort to make it more
# obvious that jdoe doesn't have *even* read access
eq(str(e), 'Repository read access denied')
assert isinstance(e, serve.AccessDenied)
assert isinstance(e, serve.ServingError)
def test_read_inits_if_needed_without_init_permission():
# a clone of a non-existent repository (but where config
# authorizes you to do that) will create the repository on the fly
tmp = util.maketemp()
cfg = RawConfigParser()
cfg.add_section('gitosis')
repositories = os.path.join(tmp, 'repositories')
os.mkdir(repositories)
cfg.set('gitosis', 'repositories', repositories)
generated = os.path.join(tmp, 'generated')
os.mkdir(generated)
cfg.set('gitosis', 'generate-files-in', generated)
cfg.add_section('group foo')
cfg.set('group foo', 'members', 'jdoe')
cfg.set('group foo', 'readonly', 'foo')
e = assert_raises(
serve.InitAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git-upload-pack 'foo'",
)
eq(str(e), 'Repository write access denied')
assert isinstance(e, serve.InitAccessDenied)
def test_read_inits_if_needed_without_init_permission():
# a clone of a non-existent repository (but where config
# authorizes you to do that) will create the repository on the fly
tmp = util.maketemp()
cfg = RawConfigParser()
cfg.add_section('gitosis')
repositories = os.path.join(tmp, 'repositories')
os.mkdir(repositories)
cfg.set('gitosis', 'repositories', repositories)
generated = os.path.join(tmp, 'generated')
os.mkdir(generated)
cfg.set('gitosis', 'generate-files-in', generated)
cfg.add_section('group foo')
cfg.set('group foo', 'members', 'jdoe')
cfg.set('group foo', 'readonly', 'foo')
e = assert_raises(
serve.InitAccessDenied,
serve.serve,
cfg=cfg,
user='******',
command="git-upload-pack 'foo'",
)
eq(str(e), 'Repository write access denied')
assert isinstance(e, serve.InitAccessDenied)
def test_bad_forbiddenCommand_read_space():
cfg = RawConfigParser()
e = assert_raises(dcontrol.ReadAccessDenied, dcontrol.serve, cfg=cfg, user="******", command="git upload-pack 'foo'")
eq(str(e), "Repository read access denied")
assert isinstance(e, dcontrol.AccessDenied)
assert isinstance(e, dcontrol.ServingError)
def test_bad_space_noargs():
cfg = RawConfigParser()
e = assert_raises(dcontrol.UnknownCommandError, dcontrol.serve, cfg=cfg, user="******", command="git upload-pack")
eq(str(e), "Unknown command denied")
assert isinstance(e, dcontrol.ServingError)
def test_bad_command():
cfg = RawConfigParser()
e = assert_raises(dcontrol.UnknownCommandError, dcontrol.serve, cfg=cfg, user="******", command="evil 'foo'")
eq(str(e), "Unknown command denied")
assert isinstance(e, dcontrol.ServingError)
def test_bad_newLine():
cfg = RawConfigParser()
e = assert_raises(dcontrol.CommandMayNotContainNewlineError, dcontrol.serve, cfg=cfg, user="******", command="ev\nil")
eq(str(e), "Command may not contain newline")
assert isinstance(e, dcontrol.ServingError)
def test_bad_dash_noargs():
cfg = RawConfigParser()
e = assert_raises(serve.UnknownCommandError, serve.serve, cfg=cfg, user="******", command="git-upload-pack")
eq(str(e), "Unknown command denied")
assert isinstance(e, serve.ServingError)
