open.c 23.7 KB
Newer Older
1
#include "clar_libgit2.h"
2
#include "futils.h"
3
#include "sysdir.h"
4
#include <ctype.h>
5

6
static int validate_ownership = 0;
7 8 9 10 11
static git_buf config_path = GIT_BUF_INIT;

void test_repo_open__initialize(void)
{
	cl_git_pass(git_libgit2_opts(GIT_OPT_GET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, &config_path));
12
	cl_git_pass(git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, &validate_ownership));
13
}
14

15
void test_repo_open__cleanup(void)
16
{
17
	cl_git_sandbox_cleanup();
18
	cl_fixture_cleanup("empty_standard_repo");
19
	cl_fixture_cleanup("testrepo.git");
20
	cl_fixture_cleanup("__global_config");
21

22
	if (git_fs_path_isdir("alternate"))
23
		git_futils_rmdir_r("alternate", NULL, GIT_RMDIR_REMOVE_FILES);
24

25
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_NONE);
26 27 28

	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr));
	git_buf_dispose(&config_path);
29 30

	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, validate_ownership));
31
}
32

33 34
void test_repo_open__bare_empty_repo(void)
{
35
	git_repository *repo = cl_git_sandbox_init("empty_bare.git");
36

37
	cl_assert(git_repository_path(repo) != NULL);
38
	cl_assert(git__suffixcmp(git_repository_path(repo), "/") == 0);
39
	cl_assert(git_repository_workdir(repo) == NULL);
40
}
41

42 43 44 45 46 47 48 49
void test_repo_open__format_version_1(void)
{
	git_repository *repo;
	git_config *config;

	repo = cl_git_sandbox_init("empty_bare.git");

	cl_git_pass(git_repository_open(&repo, "empty_bare.git"));
50
	cl_git_pass(git_repository_config(&config, repo));
51 52 53

	cl_git_pass(git_config_set_int32(config, "core.repositoryformatversion", 1));

54
	git_config_free(config);
55
	git_repository_free(repo);
56

57
	cl_git_pass(git_repository_open(&repo, "empty_bare.git"));
58 59 60 61 62
	cl_assert(git_repository_path(repo) != NULL);
	cl_assert(git__suffixcmp(git_repository_path(repo), "/") == 0);
	git_repository_free(repo);
}

63 64
void test_repo_open__standard_empty_repo_through_gitdir(void)
{
65 66
	git_repository *repo;

67 68 69 70 71 72 73
	cl_git_pass(git_repository_open(&repo, cl_fixture("empty_standard_repo/.gitted")));

	cl_assert(git_repository_path(repo) != NULL);
	cl_assert(git__suffixcmp(git_repository_path(repo), "/") == 0);

	cl_assert(git_repository_workdir(repo) != NULL);
	cl_assert(git__suffixcmp(git_repository_workdir(repo), "/") == 0);
74 75

	git_repository_free(repo);
76 77
}

78
void test_repo_open__standard_empty_repo_through_workdir(void)
79
{
80
	git_repository *repo = cl_git_sandbox_init("empty_standard_repo");
81 82

	cl_assert(git_repository_path(repo) != NULL);
83 84
	cl_assert(git__suffixcmp(git_repository_path(repo), "/") == 0);

85
	cl_assert(git_repository_workdir(repo) != NULL);
86
	cl_assert(git__suffixcmp(git_repository_workdir(repo), "/") == 0);
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
}


void test_repo_open__open_with_discover(void)
{
	static const char *variants[] = {
		"attr", "attr/", "attr/.git", "attr/.git/",
		"attr/sub", "attr/sub/", "attr/sub/sub", "attr/sub/sub/",
		NULL
	};
	git_repository *repo;
	const char **scan;

	cl_fixture_sandbox("attr");
	cl_git_pass(p_rename("attr/.gitted", "attr/.git"));

	for (scan = variants; *scan != NULL; scan++) {
		cl_git_pass(git_repository_open_ext(&repo, *scan, 0, NULL));
		cl_assert(git__suffixcmp(git_repository_path(repo), "attr/.git/") == 0);
		cl_assert(git__suffixcmp(git_repository_workdir(repo), "attr/") == 0);
		git_repository_free(repo);
	}

	cl_fixture_cleanup("attr");
}

113 114 115 116 117 118 119 120 121 122 123
void test_repo_open__check_if_repository(void)
{
	cl_git_sandbox_init("empty_standard_repo");

	/* Pass NULL for the output parameter to check for but not open the repo */
	cl_git_pass(git_repository_open_ext(NULL, "empty_standard_repo", 0, NULL));
	cl_git_fail(git_repository_open_ext(NULL, "repo_does_not_exist", 0, NULL));

	cl_fixture_cleanup("empty_standard_repo");
}

124 125
static void make_gitlink_dir(const char *dir, const char *linktext)
{
126
	git_str path = GIT_STR_INIT;
127

128
	cl_git_pass(git_futils_mkdir(dir, 0777, GIT_MKDIR_VERIFY_DIR));
129
	cl_git_pass(git_str_joinpath(&path, dir, ".git"));
130
	cl_git_rewritefile(path.ptr, linktext);
131
	git_str_dispose(&path);
132 133
}

134 135 136 137 138 139
void test_repo_open__gitlinked(void)
{
	/* need to have both repo dir and workdir set up correctly */
	git_repository *repo = cl_git_sandbox_init("empty_standard_repo");
	git_repository *repo2;

140
	make_gitlink_dir("alternate", "gitdir: ../empty_standard_repo/.git");
141 142 143 144 145 146 147 148 149 150 151 152 153

	cl_git_pass(git_repository_open(&repo2, "alternate"));

	cl_assert(git_repository_path(repo2) != NULL);
	cl_assert_(git__suffixcmp(git_repository_path(repo2), "empty_standard_repo/.git/") == 0, git_repository_path(repo2));
	cl_assert_equal_s(git_repository_path(repo), git_repository_path(repo2));

	cl_assert(git_repository_workdir(repo2) != NULL);
	cl_assert_(git__suffixcmp(git_repository_workdir(repo2), "alternate/") == 0, git_repository_workdir(repo2));

	git_repository_free(repo2);
}

154 155 156
void test_repo_open__with_symlinked_config(void)
{
#ifndef GIT_WIN32
157
	git_str path = GIT_STR_INIT;
158 159 160 161 162 163 164 165 166 167
	git_repository *repo;
	git_config *cfg;
	int32_t value;

	cl_git_sandbox_init("empty_standard_repo");

	/* Setup .gitconfig as symlink */
	cl_git_pass(git_futils_mkdir_r("home", 0777));
	cl_git_mkfile("home/.gitconfig.linked", "[global]\ntest = 4567\n");
	cl_must_pass(symlink(".gitconfig.linked", "home/.gitconfig"));
168
	cl_git_pass(git_fs_path_prettify(&path, "home", NULL));
169 170 171 172 173 174 175 176 177
	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, path.ptr));

	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	cl_git_pass(git_config_open_default(&cfg));
	cl_git_pass(git_config_get_int32(&value, cfg, "global.test"));
	cl_assert_equal_i(4567, value);

	git_config_free(cfg);
	git_repository_free(repo);
178
	cl_git_pass(git_futils_rmdir_r(git_str_cstr(&path), NULL, GIT_RMDIR_REMOVE_FILES));
179
	cl_sandbox_set_search_path_defaults();
180
	git_str_dispose(&path);
181 182 183
#endif
}

184 185
void test_repo_open__from_git_new_workdir(void)
{
186
#ifndef GIT_WIN32
187 188 189 190 191 192 193
	/* The git-new-workdir script that ships with git sets up a bunch of
	 * symlinks to create a second workdir that shares the object db with
	 * another checkout.  Libgit2 can open a repo that has been configured
	 * this way.
	 */

	git_repository *repo2;
194
	git_str link_tgt = GIT_STR_INIT, link = GIT_STR_INIT, body = GIT_STR_INIT;
195 196 197 198 199 200 201 202 203 204
	const char **scan;
	int link_fd;
	static const char *links[] = {
		"config", "refs", "logs/refs", "objects", "info", "hooks",
		"packed-refs", "remotes", "rr-cache", "svn", NULL
	};
	static const char *copies[] = {
		"HEAD", NULL
	};

205 206
	cl_git_sandbox_init("empty_standard_repo");

207 208 209 210
	cl_git_pass(p_mkdir("alternate", 0777));
	cl_git_pass(p_mkdir("alternate/.git", 0777));

	for (scan = links; *scan != NULL; scan++) {
211
		git_str_joinpath(&link_tgt, "empty_standard_repo/.git", *scan);
212
		if (git_fs_path_exists(link_tgt.ptr)) {
213 214
			git_str_joinpath(&link_tgt, "../../empty_standard_repo/.git", *scan);
			git_str_joinpath(&link, "alternate/.git", *scan);
215 216 217 218 219 220
			if (strchr(*scan, '/'))
				git_futils_mkpath2file(link.ptr, 0777);
			cl_assert_(symlink(link_tgt.ptr, link.ptr) == 0, strerror(errno));
		}
	}
	for (scan = copies; *scan != NULL; scan++) {
221
		git_str_joinpath(&link_tgt, "empty_standard_repo/.git", *scan);
222
		if (git_fs_path_exists(link_tgt.ptr)) {
223
			git_str_joinpath(&link, "alternate/.git", *scan);
224 225 226 227 228 229 230 231
			cl_git_pass(git_futils_readbuffer(&body, link_tgt.ptr));

			cl_assert((link_fd = git_futils_creat_withpath(link.ptr, 0777, 0666)) >= 0);
			cl_must_pass(p_write(link_fd, body.ptr, body.size));
			p_close(link_fd);
		}
	}

232 233 234
	git_str_dispose(&link_tgt);
	git_str_dispose(&link);
	git_str_dispose(&body);
235 236 237 238 239 240 241 242 243 244 245


	cl_git_pass(git_repository_open(&repo2, "alternate"));

	cl_assert(git_repository_path(repo2) != NULL);
	cl_assert_(git__suffixcmp(git_repository_path(repo2), "alternate/.git/") == 0, git_repository_path(repo2));

	cl_assert(git_repository_workdir(repo2) != NULL);
	cl_assert_(git__suffixcmp(git_repository_workdir(repo2), "alternate/") == 0, git_repository_workdir(repo2));

	git_repository_free(repo2);
246 247
#else
	cl_skip();
248 249 250 251 252 253
#endif
}

void test_repo_open__failures(void)
{
	git_repository *base, *repo;
254
	git_str ceiling = GIT_STR_INIT;
255 256

	base = cl_git_sandbox_init("attr");
257
	cl_git_pass(git_str_sets(&ceiling, git_repository_workdir(base)));
258 259 260 261 262 263 264 265

	/* fail with no searching */
	cl_git_fail(git_repository_open(&repo, "attr/sub"));
	cl_git_fail(git_repository_open_ext(
		&repo, "attr/sub", GIT_REPOSITORY_OPEN_NO_SEARCH, NULL));

	/* fail with ceiling too low */
	cl_git_fail(git_repository_open_ext(&repo, "attr/sub", 0, ceiling.ptr));
266
	cl_git_pass(git_str_joinpath(&ceiling, ceiling.ptr, "sub"));
267
	cl_git_fail(git_repository_open_ext(&repo, "attr/sub/sub", 0, ceiling.ptr));
268 269 270 271 272 273 274

	/* fail with no repo */
	cl_git_pass(p_mkdir("alternate", 0777));
	cl_git_pass(p_mkdir("alternate/.git", 0777));
	cl_git_fail(git_repository_open_ext(&repo, "alternate", 0, NULL));
	cl_git_fail(git_repository_open_ext(&repo, "alternate/.git", 0, NULL));

275 276 277 278 279 280
	/* fail with no searching and no appending .git */
	cl_git_fail(git_repository_open_ext(
		&repo, "attr",
		GIT_REPOSITORY_OPEN_NO_SEARCH | GIT_REPOSITORY_OPEN_NO_DOTGIT,
		NULL));

281
	git_str_dispose(&ceiling);
282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297
}

void test_repo_open__bad_gitlinks(void)
{
	git_repository *repo;
	static const char *bad_links[] = {
		"garbage\n", "gitdir", "gitdir:\n", "gitdir: foobar",
		"gitdir: ../invalid", "gitdir: ../invalid2",
		"gitdir: ../attr/.git with extra stuff",
		NULL
	};
	const char **scan;

	cl_git_sandbox_init("attr");

	cl_git_pass(p_mkdir("invalid", 0777));
298
	cl_git_pass(git_futils_mkdir_r("invalid2/.git", 0777));
299 300

	for (scan = bad_links; *scan != NULL; scan++) {
301
		make_gitlink_dir("alternate", *scan);
302
		repo = NULL;
303
		cl_git_fail(git_repository_open_ext(&repo, "alternate", 0, NULL));
304
		cl_assert(repo == NULL);
305 306
	}

307 308
	git_futils_rmdir_r("invalid", NULL, GIT_RMDIR_REMOVE_FILES);
	git_futils_rmdir_r("invalid2", NULL, GIT_RMDIR_REMOVE_FILES);
309 310
}

311
#ifdef GIT_WIN32
312
static void unposix_path(git_str *path)
313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332
{
	char *src, *tgt;

	src = tgt = path->ptr;

	/* convert "/d/..." to "d:\..." */
	if (src[0] == '/' && isalpha(src[1]) && src[2] == '/') {
		*tgt++ = src[1];
		*tgt++ = ':';
		*tgt++ = '\\';
		src += 3;
	}

	while (*src) {
		*tgt++ = (*src == '/') ? '\\' : *src;
		src++;
	}

	*tgt = '\0';
}
333
#endif
334 335 336 337 338

void test_repo_open__win32_path(void)
{
#ifdef GIT_WIN32
	git_repository *repo = cl_git_sandbox_init("empty_standard_repo"), *repo2;
339
	git_str winpath = GIT_STR_INIT;
340 341 342 343 344 345
	static const char *repo_path = "empty_standard_repo/.git/";
	static const char *repo_wd   = "empty_standard_repo/";

	cl_assert(git__suffixcmp(git_repository_path(repo), repo_path) == 0);
	cl_assert(git__suffixcmp(git_repository_workdir(repo), repo_wd) == 0);

346
	cl_git_pass(git_str_sets(&winpath, git_repository_path(repo)));
347 348 349 350 351 352
	unposix_path(&winpath);
	cl_git_pass(git_repository_open(&repo2, winpath.ptr));
	cl_assert(git__suffixcmp(git_repository_path(repo2), repo_path) == 0);
	cl_assert(git__suffixcmp(git_repository_workdir(repo2), repo_wd) == 0);
	git_repository_free(repo2);

353 354
	cl_git_pass(git_str_sets(&winpath, git_repository_path(repo)));
	git_str_truncate(&winpath, winpath.size - 1); /* remove trailing '/' */
355 356 357 358 359 360
	unposix_path(&winpath);
	cl_git_pass(git_repository_open(&repo2, winpath.ptr));
	cl_assert(git__suffixcmp(git_repository_path(repo2), repo_path) == 0);
	cl_assert(git__suffixcmp(git_repository_workdir(repo2), repo_wd) == 0);
	git_repository_free(repo2);

361
	cl_git_pass(git_str_sets(&winpath, git_repository_workdir(repo)));
362 363 364 365 366 367
	unposix_path(&winpath);
	cl_git_pass(git_repository_open(&repo2, winpath.ptr));
	cl_assert(git__suffixcmp(git_repository_path(repo2), repo_path) == 0);
	cl_assert(git__suffixcmp(git_repository_workdir(repo2), repo_wd) == 0);
	git_repository_free(repo2);

368 369
	cl_git_pass(git_str_sets(&winpath, git_repository_workdir(repo)));
	git_str_truncate(&winpath, winpath.size - 1); /* remove trailing '/' */
370 371 372 373 374
	unposix_path(&winpath);
	cl_git_pass(git_repository_open(&repo2, winpath.ptr));
	cl_assert(git__suffixcmp(git_repository_path(repo2), repo_path) == 0);
	cl_assert(git__suffixcmp(git_repository_workdir(repo2), repo_wd) == 0);
	git_repository_free(repo2);
375

376
	git_str_dispose(&winpath);
377
#endif
378
}
379 380 381 382

void test_repo_open__opening_a_non_existing_repository_returns_ENOTFOUND(void)
{
	git_repository *repo;
383
	cl_assert_equal_i(GIT_ENOTFOUND, git_repository_open(&repo, "i-do-not/exist"));
384
}
385 386 387

void test_repo_open__no_config(void)
{
388
	git_str path = GIT_STR_INIT;
389 390 391 392
	git_repository *repo;
	git_config *config;

	cl_fixture_sandbox("empty_standard_repo");
393 394
	cl_git_pass(cl_rename(
		"empty_standard_repo/.gitted", "empty_standard_repo/.git"));
395 396 397 398 399 400 401

	/* remove local config */
	cl_git_pass(git_futils_rmdir_r(
		"empty_standard_repo/.git/config", NULL, GIT_RMDIR_REMOVE_FILES));

	/* isolate from system level configs */
	cl_must_pass(p_mkdir("alternate", 0777));
402
	cl_git_pass(git_fs_path_prettify(&path, "alternate", NULL));
403 404 405 406 407 408 409
	cl_git_pass(git_libgit2_opts(
		GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, path.ptr));
	cl_git_pass(git_libgit2_opts(
		GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_SYSTEM, path.ptr));
	cl_git_pass(git_libgit2_opts(
		GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_XDG, path.ptr));

410
	git_str_dispose(&path);
411 412 413 414

	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	cl_git_pass(git_repository_config(&config, repo));

415
	cl_git_pass(git_config_set_string(config, "test.set", "42"));
416 417 418 419

	git_config_free(config);
	git_repository_free(repo);
	cl_fixture_cleanup("empty_standard_repo");
420

421
	cl_sandbox_set_search_path_defaults();
422
}
423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467

void test_repo_open__force_bare(void)
{
	/* need to have both repo dir and workdir set up correctly */
	git_repository *repo = cl_git_sandbox_init("empty_standard_repo");
	git_repository *barerepo;

	make_gitlink_dir("alternate", "gitdir: ../empty_standard_repo/.git");

	cl_assert(!git_repository_is_bare(repo));

	cl_git_pass(git_repository_open(&barerepo, "alternate"));
	cl_assert(!git_repository_is_bare(barerepo));
	git_repository_free(barerepo);

	cl_git_pass(git_repository_open_bare(
		&barerepo, "empty_standard_repo/.git"));
	cl_assert(git_repository_is_bare(barerepo));
	git_repository_free(barerepo);

	cl_git_fail(git_repository_open_bare(&barerepo, "alternate/.git"));

	cl_git_pass(git_repository_open_ext(
		&barerepo, "alternate/.git", GIT_REPOSITORY_OPEN_BARE, NULL));
	cl_assert(git_repository_is_bare(barerepo));
	git_repository_free(barerepo);

	cl_git_pass(p_mkdir("empty_standard_repo/subdir", 0777));
	cl_git_mkfile("empty_standard_repo/subdir/something.txt", "something");

	cl_git_fail(git_repository_open_bare(
		&barerepo, "empty_standard_repo/subdir"));

	cl_git_pass(git_repository_open_ext(
		&barerepo, "empty_standard_repo/subdir", GIT_REPOSITORY_OPEN_BARE, NULL));
	cl_assert(git_repository_is_bare(barerepo));
	git_repository_free(barerepo);

	cl_git_pass(p_mkdir("alternate/subdir", 0777));
	cl_git_pass(p_mkdir("alternate/subdir/sub2", 0777));
	cl_git_mkfile("alternate/subdir/sub2/something.txt", "something");

	cl_git_fail(git_repository_open_bare(&barerepo, "alternate/subdir/sub2"));

	cl_git_pass(git_repository_open_ext(
468 469
		&barerepo, "alternate/subdir/sub2",
		GIT_REPOSITORY_OPEN_BARE|GIT_REPOSITORY_OPEN_CROSS_FS, NULL));
470 471 472
	cl_assert(git_repository_is_bare(barerepo));
	git_repository_free(barerepo);
}
473

474 475 476 477
void test_repo_open__validates_dir_ownership(void)
{
	git_repository *repo;

478 479
	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

480 481 482 483
	cl_fixture_sandbox("empty_standard_repo");
	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));

	/* When the current user owns the repo config, that's acceptable */
484
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_CURRENT_USER);
485 486 487
	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	git_repository_free(repo);

488
	/* When the system user owns the repo config, fail */
489
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_ADMINISTRATOR);
490
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo"));
491

492 493 494 495 496 497 498
#ifdef GIT_WIN32
	/* When the user is an administrator, succeed on Windows. */
	git_fs_path__set_owner(GIT_FS_PATH_USER_IS_ADMINISTRATOR);
	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	git_repository_free(repo);
#endif

499
	/* When an unknown user owns the repo config, fail */
500
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
501
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo"));
502 503
}

504 505 506 507 508 509 510 511 512
void test_repo_open__validates_bare_repo_ownership(void)
{
	git_repository *repo;

	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

	cl_fixture_sandbox("testrepo.git");

	/* When the current user owns the repo config, that's acceptable */
513
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_CURRENT_USER);
514 515 516 517
	cl_git_pass(git_repository_open(&repo, "testrepo.git"));
	git_repository_free(repo);

	/* When the system user owns the repo config, fail */
518
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_ADMINISTRATOR);
519
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "testrepo.git"));
520

521 522 523 524 525 526 527
#ifdef GIT_WIN32
	/* When the user is an administrator, succeed on Windows. */
	git_fs_path__set_owner(GIT_FS_PATH_USER_IS_ADMINISTRATOR);
	cl_git_pass(git_repository_open(&repo, "testrepo.git"));
	git_repository_free(repo);
#endif

528
	/* When an unknown user owns the repo config, fail */
529
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
530
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "testrepo.git"));
531 532
}

533 534 535
void test_repo_open__can_allowlist_dirs_with_problematic_ownership(void)
{
	git_repository *repo;
536 537 538
	git_str config_path = GIT_STR_INIT,
	        config_filename = GIT_STR_INIT,
	        config_data = GIT_STR_INIT;
539

540 541
	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

542 543 544
	cl_fixture_sandbox("empty_standard_repo");
	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));

545
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
546
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo"));
547

548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571
	/* Add safe.directory options to the global configuration */
	git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config");
	cl_must_pass(p_mkdir(config_path.ptr, 0777));
	git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr);

	git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig");

	git_str_printf(&config_data,
		"[foo]\n" \
		"\tbar = Foobar\n" \
		"\tbaz = Baz!\n" \
		"[safe]\n" \
		"\tdirectory = /non/existent/path\n" \
		"\tdirectory = /\n" \
		"\tdirectory = c:\\\\temp\n" \
		"\tdirectory = %s/%s\n" \
		"\tdirectory = /tmp\n" \
		"[bar]\n" \
		"\tfoo = barfoo\n",
		clar_sandbox_path(), "empty_standard_repo");
	cl_git_rewritefile(config_filename.ptr, config_data.ptr);

	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	git_repository_free(repo);
572 573 574 575 576 577

	git_str_dispose(&config_path);
	git_str_dispose(&config_filename);
	git_str_dispose(&config_data);
}

578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616
void test_repo_open__can_wildcard_allowlist_with_problematic_ownership(void)
{
	git_repository *repo;
	git_str config_path = GIT_STR_INIT, config_filename = GIT_STR_INIT;

	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

	cl_fixture_sandbox("empty_standard_repo");
	cl_git_pass(cl_rename(
	        "empty_standard_repo/.gitted", "empty_standard_repo/.git"));

	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
	cl_git_fail_with(
	        GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo"));

	/* Add safe.directory options to the global configuration */
	git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config");
	cl_must_pass(p_mkdir(config_path.ptr, 0777));
	git_libgit2_opts(
	        GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL,
	        config_path.ptr);

	git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig");

	cl_git_rewritefile(config_filename.ptr, "[foo]\n"
	        "\tbar = Foobar\n"
	        "\tbaz = Baz!\n"
	        "[safe]\n"
	        "\tdirectory = *\n"
	        "[bar]\n"
	        "\tfoo = barfoo\n");

	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	git_repository_free(repo);

	git_str_dispose(&config_path);
	git_str_dispose(&config_filename);
}

617 618 619 620 621 622 623 624 625 626 627
void test_repo_open__can_allowlist_bare_gitdir(void)
{
	git_repository *repo;
	git_str config_path = GIT_STR_INIT,
	        config_filename = GIT_STR_INIT,
	        config_data = GIT_STR_INIT;

	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

	cl_fixture_sandbox("testrepo.git");

628
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
629
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "testrepo.git"));
630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654

	/* Add safe.directory options to the global configuration */
	git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config");
	cl_must_pass(p_mkdir(config_path.ptr, 0777));
	git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr);

	git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig");

	git_str_printf(&config_data,
		"[foo]\n" \
		"\tbar = Foobar\n" \
		"\tbaz = Baz!\n" \
		"[safe]\n" \
		"\tdirectory = /non/existent/path\n" \
		"\tdirectory = /\n" \
		"\tdirectory = c:\\\\temp\n" \
		"\tdirectory = %s/%s\n" \
		"\tdirectory = /tmp\n" \
		"[bar]\n" \
		"\tfoo = barfoo\n",
		clar_sandbox_path(), "testrepo.git");
	cl_git_rewritefile(config_filename.ptr, config_data.ptr);

	cl_git_pass(git_repository_open(&repo, "testrepo.git"));
	git_repository_free(repo);
655 656 657 658 659 660

	git_str_dispose(&config_path);
	git_str_dispose(&config_filename);
	git_str_dispose(&config_data);
}

661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697
void test_repo_open__can_wildcard_allowlist_bare_gitdir(void)
{
	git_repository *repo;
	git_str config_path = GIT_STR_INIT, config_filename = GIT_STR_INIT;

	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

	cl_fixture_sandbox("testrepo.git");

	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
	cl_git_fail_with(
	        GIT_EOWNER, git_repository_open(&repo, "testrepo.git"));

	/* Add safe.directory options to the global configuration */
	git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config");
	cl_must_pass(p_mkdir(config_path.ptr, 0777));
	git_libgit2_opts(
	        GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL,
	        config_path.ptr);

	git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig");

	cl_git_rewritefile(config_filename.ptr, "[foo]\n"
	        "\tbar = Foobar\n"
	        "\tbaz = Baz!\n"
	        "[safe]\n"
	        "\tdirectory = *\n"
	        "[bar]\n"
	        "\tfoo = barfoo\n");

	cl_git_pass(git_repository_open(&repo, "testrepo.git"));
	git_repository_free(repo);

	git_str_dispose(&config_path);
	git_str_dispose(&config_filename);
}

698 699 700 701 702 703 704
void test_repo_open__can_reset_safe_directory_list(void)
{
	git_repository *repo;
	git_str config_path = GIT_STR_INIT,
	        config_filename = GIT_STR_INIT,
	        config_data = GIT_STR_INIT;

705 706
	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));

707 708 709
	cl_fixture_sandbox("empty_standard_repo");
	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));

710
	git_fs_path__set_owner(GIT_FS_PATH_OWNER_OTHER);
711
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo"));
712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734

	/* Add safe.directory options to the global configuration */
	git_str_joinpath(&config_path, clar_sandbox_path(), "__global_config");
	cl_must_pass(p_mkdir(config_path.ptr, 0777));
	git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr);

	git_str_joinpath(&config_filename, config_path.ptr, ".gitconfig");

	/* The blank resets our sandbox directory and opening fails */

	git_str_printf(&config_data,
		"[foo]\n" \
		"\tbar = Foobar\n" \
		"\tbaz = Baz!\n" \
		"[safe]\n" \
		"\tdirectory = %s/%s\n" \
		"\tdirectory = \n" \
		"\tdirectory = /tmp\n" \
		"[bar]\n" \
		"\tfoo = barfoo\n",
		clar_sandbox_path(), "empty_standard_repo");
	cl_git_rewritefile(config_filename.ptr, config_data.ptr);

735
	cl_git_fail_with(GIT_EOWNER, git_repository_open(&repo, "empty_standard_repo"));
736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758

	/* The blank resets tmp and allows subsequent declarations to succeed */

	git_str_clear(&config_data);
	git_str_printf(&config_data,
		"[foo]\n" \
		"\tbar = Foobar\n" \
		"\tbaz = Baz!\n" \
		"[safe]\n" \
		"\tdirectory = /tmp\n" \
		"\tdirectory = \n" \
		"\tdirectory = %s/%s\n" \
		"[bar]\n" \
		"\tfoo = barfoo\n",
		clar_sandbox_path(), "empty_standard_repo");
	cl_git_rewritefile(config_filename.ptr, config_data.ptr);

	cl_git_pass(git_repository_open(&repo, "empty_standard_repo"));
	git_repository_free(repo);

	git_str_dispose(&config_path);
	git_str_dispose(&config_filename);
	git_str_dispose(&config_data);
759
}