summaryrefslogtreecommitdiff
path: root/t/t5560-http-backend.sh
diff options
context:
space:
mode:
Diffstat (limited to 't/t5560-http-backend.sh')
-rwxr-xr-xt/t5560-http-backend.sh31
1 files changed, 31 insertions, 0 deletions
diff --git a/t/t5560-http-backend.sh b/t/t5560-http-backend.sh
index 908ba079d2..ed034bc980 100755
--- a/t/t5560-http-backend.sh
+++ b/t/t5560-http-backend.sh
@@ -146,6 +146,37 @@ test_expect_success 'http.receivepack false' '
POST git-receive-pack 0000 "403 Forbidden"
'
+run_backend() {
+ REQUEST_METHOD=GET \
+ GIT_PROJECT_ROOT="$HTTPD_DOCUMENT_ROOT_PATH" \
+ PATH_INFO="$2" \
+ git http-backend >act.out 2>act.err
+}
+
+path_info() {
+ if test $1 = 0; then
+ run_backend "$2"
+ else
+ test_must_fail run_backend "$2" &&
+ echo "fatal: '$2': aliased" >exp.err &&
+ test_cmp exp.err act.err
+ fi
+}
+
+test_expect_success 'http-backend blocks bad PATH_INFO' '
+ config http.getanyfile true &&
+
+ run_backend 0 /repo.git/HEAD &&
+
+ run_backend 1 /repo.git/../HEAD &&
+ run_backend 1 /../etc/passwd &&
+ run_backend 1 ../etc/passwd &&
+ run_backend 1 /etc//passwd &&
+ run_backend 1 /etc/./passwd &&
+ run_backend 1 /etc/.../passwd &&
+ run_backend 1 //domain/data.txt
+'
+
cat >exp <<EOF
### refs/heads/master
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-16 11:20:32 +0000