author | David Pursehouse <dpursehouse@collab.net> | 2018-10-07 14:08:16 +0900 |
---|---|---|
committer | David Pursehouse <dpursehouse@collab.net> | 2018-10-08 13:44:13 +0900 |
commit | 685bb846443c5ecac142c83465fb9157e76827ed (patch) | |
tree | b4aa6782562f24a71f76096c832d2a0c5ef07512 | |
parent | 527e01513e0a16642874f32ab3da7db8e7c4c238 (diff) |
Add tests for .gitmodules validation
Add tests to ensure that pushes containing invalid .gitmodules
content are rejected. Without the previous commit that updates
JGit to fix CVE-2018-17456 [1], these tests fail.
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-17456
Change-Id: Id07a9560ff224ce4971f3e848656b987ac9357c2
-rw-r--r-- | gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/GitmodulesIT.java | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/GitmodulesIT.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/GitmodulesIT.java
new file mode 100644
index 0000000000..a13c8c812d
--- /dev/null
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/GitmodulesIT.java
@@ -0,0 +1,57 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.acceptance.git;
+
+import com.google.gerrit.acceptance.AbstractDaemonTest;
+import org.eclipse.jgit.api.errors.TransportException;
+import org.eclipse.jgit.junit.TestRepository;
+import org.eclipse.jgit.lib.Config;
+import org.eclipse.jgit.transport.RefSpec;
+import org.junit.Test;
+
+public class GitmodulesIT extends AbstractDaemonTest {
+ @Test
+ public void invalidSubmoduleURLIsRejected() throws Exception {
+ pushGitmodules("name", "-invalid-url", "path", "Invalid submodule URL");
+ }
+
+ @Test
+ public void invalidSubmodulePathIsRejected() throws Exception {
+ pushGitmodules("name", "http://somewhere", "-invalid-path", "Invalid submodule path");
+ }
+
+ @Test
+ public void invalidSubmoduleNameIsRejected() throws Exception {
+ pushGitmodules("-invalid-name", "http://somewhere", "path", "Invalid submodule name");
+ }
+
+ private void pushGitmodules(String name, String url, String path, String expectedErrorMessage)
+ throws Exception {
+ Config config = new Config();
+ config.setString("submodule", name, "url", url);
+ config.setString("submodule", name, "path", path);
+ TestRepository<?> repo = cloneProject(project);
+ repo.branch("HEAD")
+ .commit()
+ .insertChangeId()
+ .message("subject: adding new subscription")
+ .add(".gitmodules", config.toText().toString())
+ .create();
+
exception.expectMessage(expectedErrorMessage);
+ exception.expect(TransportException.class);
+ repo.git().push().setRemote("origin").setRefSpecs(new RefSpec("HEAD:refs/for/master")).call();
+ }
+} |
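Review bot: Neither `GitmodulesIT` nor its helper `pushGitmodules` carries a comment saying why a leading `-` is the value under test, so the link to CVE-2018-17456 lives only in the commit message. A short Javadoc on the helper would keep that intent next to the code, e.g. `/** Pushes a .gitmodules whose name, url or path starts with '-' (the shape fixed for CVE-2018-17456) and expects the server to reject the push. */`. The helper also pushes only to `HEAD:refs/for/master`. Whether direct pushes to `refs/heads/*` go through the same validation is not visible in this hunk, so a second case with that refspec would confirm it rather than assume it. There is also no positive control: a case pushing a well-formed `.gitmodules` and expecting success would show that the check rejects only the malformed values.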