#!/bin/sh
test_description='verify safe.directory checks'
TEST_PASSES_SANITIZE_LEAK=true
. ./test-lib.sh
GIT_TEST_ASSUME_DIFFERENT_OWNER=1
export GIT_TEST_ASSUME_DIFFERENT_OWNER
expect_rejected_dir () {
test_must_fail git status 2>err &&
grep "dubious ownership" err
}
test_expect_success 'safe.directory is not set' '
expect_rejected_dir
'
test_expect_success 'safe.directory on the command line' '
git -c safe.directory="$(pwd)" status
'
test_expect_success 'safe.directory in the environment' '
env GIT_CONFIG_COUNT=1 \
GIT_CONFIG_KEY_0="safe.directory" \
GIT_CONFIG_VALUE_0="$(pwd)" \
git status
'
test_expect_success 'safe.directory in GIT_CONFIG_PARAMETERS' '
env GIT_CONFIG_PARAMETERS="${SQ}safe.directory${SQ}=${SQ}$(pwd)${SQ}" \
git status
'
test_expect_success 'ignoring safe.directory in repo config' '
(
unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
git config safe.directory "$(pwd)"
) &&
expect_rejected_dir
'
test_expect_success 'safe.directory does not match' '
git config --global safe.directory bogus &&
expect_rejected_dir
'
test_expect_success 'path exist as different key' '
git config --global foo.bar "$(pwd)" &&
expect_rejected_dir
'
test_expect_success 'safe.directory matches' '
git config --global --add safe.directory "$(pwd)" &&
git status
'
test_expect_success 'safe.directory matches, but is reset' '
git config --global --add safe.directory "" &&
expect_rejected_dir
'
test_expect_success 'safe.directory=*' '
git config --global --add safe.directory "*" &&
git status
'
test_expect_success 'safe.directory=*, but is reset' '
git config --global --add safe.directory "" &&
expect_rejected_dir
'
test_expect_success 'safe.directory with matching glob' '
git config --global --unset-all safe.directory &&
p=$(pwd) &&
git config --global safe.directory "${p%/*}/*" &&
git status
'
test_expect_success 'safe.directory with unmatching glob' '
git config --global --unset-all safe.directory &&
p=$(pwd) &&
git config --global safe.directory "${p%/*}no/*" &&
expect_rejected_dir
'
test_expect_success 'safe.directory in included file' '
git config --global --unset-all safe.directory &&
cat >gitconfig-include <<-EOF &&
[safe]
directory = "$(pwd)"
EOF
git config --global --add include.path "$(pwd)/gitconfig-include" &&
git status
'
test_expect_success 'local clone of unowned repo refused in unsafe directory' '
test_when_finished "rm -rf source" &&
git init source &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit -C source initial
) &&
test_must_fail git clone --local source target &&
test_path_is_missing target
'
test_expect_success 'local clone of unowned repo accepted in safe directory' '
test_when_finished "rm -rf source" &&
git init source &&
(
sane_unset GIT_TEST_ASSUME_DIFFERENT_OWNER &&
test_commit -C source initial
) &&
test_must_fail git clone --local source target &&
git config --global --add safe.directory "$(pwd)/source/.git" &&
git clone --local source target &&
test_path_is_dir target
'
test_done
Codebase Browser
git