Welcome to mirror list, hosted at ThFree Co, Russian Federation.

git.zx2c4.com/cgit.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2013-04-09 00:18:21 +0400
committerJason A. Donenfeld <Jason@zx2c4.com>2013-04-09 00:53:07 +0400
commitdd1f0e5f1b4de00c98fe7444915864b7271e09fe (patch)
tree5dd6c7885a2bd4f368fc83725ccaefdcd914fd3a /tests/t0109-gitconfig.sh
parent9844c60755cbad8000bca759741bfe113035a8eb (diff)
tests: Make sure that git does not access $HOME
With the latest changes to prevent git from accessing configuration files that it should not, it's important to be sure that we won't have further breakage in the future. Use strace to implement a test to make sure cgit does not access() anything built from $HOME. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'tests/t0109-gitconfig.sh')
-rwxr-xr-xtests/t0109-gitconfig.sh25
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/t0109-gitconfig.sh b/tests/t0109-gitconfig.sh
new file mode 100755
index 0000000..cdd570b
--- /dev/null
+++ b/tests/t0109-gitconfig.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+test_description='Ensure that git does not access $HOME'
+. ./setup.sh
+
+test -n "$(which strace 2>/dev/null)" || {
+ skip_all='Skipping access validation tests: strace not found'
+ test_done
+ exit
+}
+
+test_expect_success 'no access to $HOME' '
+ non_existant_path="/path/to/some/place/that/does/not/possibly/exist"
+ while test -d "$non_existant_path"; do
+ non_existant_path="$non_existant_path/$(date +%N)"
+ done
+ strace \
+ -E HOME="$non_existant_path" \
+ -E CGIT_CONFIG="$PWD/cgitrc" \
+ -E QUERY_STRING="url=foo/commit" \
+ -e access -f -o strace.out cgit
+ test_must_fail grep "$non_existant_path" strace.out
+'
+
+test_done