path: root/t/t5560-http-backend.sh
Commit message | Author | Age | Files | Lines
* Smart-http tests: Break test t5560-http-backend into pieces | Tarmigan Casebolt | 2010-01-06 | 1 | -294/+0

  This should introduce no functional change in the tests or the amount of test coverage.

  Acked-by: Shawn O. Pearce <spearce@spearce.org>
  Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
  Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Smart-http tests: Improve coverage in test t5560 | Tarmigan Casebolt | 2010-01-06 | 1 | -11/+10

  Commit 34b6cb8bb ("http-backend: Protect GIT_PROJECT_ROOT from /../ requests") added the path_info helper function to test t5560 but did not use it. We should use it as it provides another level of error checking. The /etc/.../passwd case is one that is not special (and the test fails for reasons other than being aliased), so we remove that test case.

  Also rename the function from 'path_info' to 'expect_aliased'.

  Acked-by: Shawn O. Pearce <spearce@spearce.org>
  Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
  Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Smart-http: check if repository is OK to export before serving it | Tarmigan Casebolt | 2010-01-06 | 1 | -2/+37

  Similar to how git-daemon checks whether a repository is OK to be exported, smart-http should also check. This check can be satisfied in two different ways: the environmental variable GIT_HTTP_EXPORT_ALL may be set to export all repositories, or the individual repository may have the file git-daemon-export-ok.

  Acked-by: Shawn O. Pearce <spearce@spearce.org>
  Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
  Signed-off-by: Junio C Hamano <gitster@pobox.com>
* http-backend: Protect GIT_PROJECT_ROOT from /../ requests | Shawn O. Pearce | 2009-11-09 | 1 | -0/+31

  Eons ago HPA taught git-daemon how to protect itself from /../ attacks, which Junio brought back into service in d79374c7b58d ("daemon.c and path.enter_repo(): revamp path validation").

  I did not carry this into git-http-backend as originally we relied only upon PATH_TRANSLATED, and assumed the HTTP server had done its access control checks to validate the resolved path was within a directory permitting access from the remote client. This would usually be sufficient to protect a server from requests for its /etc/passwd file by http://host/smart/../etc/passwd sorts of URLs.

  However in 917adc036086 Mark Lodato added GIT_PROJECT_ROOT as an additional method of configuring the CGI. When this environment variable is used the web server does not generate the final access path and therefore may blindly pass through "/../etc/passwd" in PATH_INFO under the assumption that "/../" might have special meaning to the invoked CGI.

  Instead of permitting these sorts of malformed path requests, we now reject them back at the client, with an error message for the server log. This matches git-daemon behavior.

  Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
  Signed-off-by: Junio C Hamano <gitster@pobox.com>
* http-backend: Test configuration options | Shawn O. Pearce | 2009-11-04 | 1 | -0/+229

  Test the major configuration settings which control access to the repository:

    http.getanyfile
    http.uploadpack
    http.receivepack

  Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
  Signed-off-by: Junio C Hamano <gitster@pobox.com>