internal/gitaly/hook/sidechannel_test.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

package hook

import (
	"io"
	"net"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/require"
	"gitlab.com/gitlab-org/gitaly/v15/internal/git"
	"gitlab.com/gitlab-org/gitaly/v15/internal/metadata"
	"gitlab.com/gitlab-org/gitaly/v15/internal/testhelper"
	grpc_metadata "google.golang.org/grpc/metadata"
)

func runTestsWithRuntimeDir(t *testing.T, testFunc func(*testing.T, string)) {
	t.Helper()

	t.Run("no runtime dir", func(t *testing.T) {
		testFunc(t, "")
	})

	t.Run("with runtime dir", func(t *testing.T) {
		testFunc(t, testhelper.TempDir(t))
	})
}

func TestSidechannel(t *testing.T) {
	t.Parallel()
	runTestsWithRuntimeDir(t, testSidechannelWithRuntimeDir)
}

func testSidechannelWithRuntimeDir(t *testing.T, runtimeDir string) {
	ctx := testhelper.Context(t)

	// Client side
	ctxOut, wt, err := SetupSidechannel(
		ctx,
		git.HooksPayload{
			RuntimeDir: runtimeDir,
		},
		func(c *net.UnixConn) error {
			_, err := io.WriteString(c, "ping")
			return err
		},
	)
	require.NoError(t, err)
	defer testhelper.MustClose(t, wt)

	require.DirExists(t, wt.socketDir)

	// Server side
	ctxIn := metadata.OutgoingToIncoming(ctxOut)
	c, err := GetSidechannel(ctxIn)
	require.NoError(t, err)
	defer c.Close()

	buf, err := io.ReadAll(c)
	require.NoError(t, err)
	require.Equal(t, "ping", string(buf))

	require.NoDirExists(t, wt.socketDir)

	// Client side
	require.NoError(t, wt.Wait())

	if runtimeDir != "" {
		require.DirExists(t, filepath.Join(runtimeDir, "chan.d"))
	}
}

func TestSidechannel_cleanup(t *testing.T) {
	t.Parallel()
	runTestsWithRuntimeDir(t, testSidechannelCleanupWithRuntimeDir)
}

func testSidechannelCleanupWithRuntimeDir(t *testing.T, runtimeDir string) {
	_, wt, err := SetupSidechannel(
		testhelper.Context(t),
		git.HooksPayload{
			RuntimeDir: runtimeDir,
		},
		func(c *net.UnixConn) error { return nil },
	)
	require.NoError(t, err)

	require.DirExists(t, wt.socketDir)
	_ = wt.Close()
	require.NoDirExists(t, wt.socketDir)

	if runtimeDir != "" {
		require.DirExists(t, filepath.Join(runtimeDir, "chan.d"))
	}
}

func TestGetSidechannel(t *testing.T) {
	ctx := testhelper.Context(t)

	testCases := []string{
		"foobar",
		"sc.foo/../../bar",
		"foo/../../bar",
		"/etc/passwd",
	}

	for _, tc := range testCases {
		t.Run(tc, func(t *testing.T) {
			ctx := grpc_metadata.NewIncomingContext(
				ctx,
				map[string][]string{sidechannelHeader: {tc}},
			)
			_, err := GetSidechannel(ctx)
			require.Error(t, err)
			require.Equal(t, ErrInvalidSidechannelAddress{tc}, err)
		})
	}
}