Idea-Studios/libgit2
2
0
Fork 0
mirror of https://github.com/libgit2/libgit2.git synced 2026-06-22 06:26:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bd6b1c41575e7cc011798a424b6564569887c293
libgit2/tests
History
Patrick Steinhardt 93a9044ff6 fetchhead: strip credentials from remote URL 
If fetching from an anonymous remote via its URL, then the URL gets
written into the FETCH_HEAD reference. This is mainly done to give
valuable context to some commands, like for example git-merge(1), which
will put the URL into the generated MERGE_MSG. As a result, what gets
written into FETCH_HEAD may become public in some cases. This is
especially important considering that URLs may contain credentials, e.g.
when cloning 'https://foo:bar@example.com/repo' we persist the complete
URL into FETCH_HEAD and put it without any kind of sanitization into the
MERGE_MSG. This is obviously bad, as your login data has now just leaked
as soon as you do git-push(1).

When writing the URL into FETCH_HEAD, upstream git does strip
credentials first. Let's do the same by trying to parse the remote URL
as a "real" URL, removing any credentials and then re-formatting the
URL. In case this fails, e.g. when it's a file path or not a valid URL,
we just fall back to using the URL as-is without any sanitization. Add
tests to verify our behaviour.
2020-01-31 15:25:47 +01:00
..
apply
apply: add GIT_APPLY_CHECK
2019-10-22 10:23:24 -04:00
attr
attr: Update definition of binary macro
2019-12-12 10:58:56 +00:00
blame
cache: fix cache eviction using deallocated key
2019-05-24 15:28:33 +02:00
buf
buf::oom tests: use custom allocator for oom failures
2018-10-21 13:15:24 +01:00
checkout
Disallow NTFS Alternate Data Stream attacks, even on Linux/macOS
2019-12-10 18:01:06 +10:00
cherrypick
fileops: rename to "futils.h" to match function signatures
2019-07-20 19:11:20 +02:00
clar
clar: use size_t to keep track of current line number
2019-07-05 11:31:52 +02:00
clone
submodule: provide a wrapper for simple submodule clone steps
2019-10-17 13:09:39 +02:00
commit
commit: add failing tests for object checking for git_commit_with_signature
2019-10-30 20:35:48 +01:00
config
tests: config: only test parsing huge file with GITTEST_INVASIVE_SPEED
2019-11-28 15:39:13 +01:00
core
win32: fix relative symlinks pointing into dirs
2020-01-10 12:48:32 +01:00
date
treewide: remove use of C++ style comments
2018-07-13 08:25:12 +02:00
delta
delta: fix out-of-bounds read of delta
2018-06-29 09:30:02 +02:00
describe
global: convert trivial fnmatch users to use wildcard
2019-06-15 09:34:21 +02:00
diff
diff: make patchid computation work with all types of commits.
2019-11-28 14:17:50 +01:00
fetchhead
fetchhead: strip credentials from remote URL
2020-01-31 15:25:47 +01:00
filter
filter: test second-level in-repo .gitattributes
2019-08-11 21:32:03 +01:00
graph
Implement test for graph ahead and behind
2019-07-22 23:38:11 +05:30
ignore
ignore: correct handling of nested rules overriding wild card unignore
2019-08-28 08:47:32 +10:00
index
index: ensure that we respect core.protectNTFS=false
2019-12-10 18:11:45 +10:00
iterator
refs: refuse to delete HEAD
2020-01-15 13:55:58 -08:00
mailmap
tests: mailmap: avoid definition of unused static variables
2018-11-28 15:22:27 +01:00
merge
merge: update enum type name for consistency
2020-01-18 14:05:24 +00:00
message
just use git_message_trailer in tests
2018-01-16 22:20:50 -08:00
network
credential: change git_cred to git_credential
2020-01-26 18:39:41 +00:00
notes
Convert usage of git_buf_free to new git_buf_dispose
2018-06-10 19:34:37 +02:00
object
tree: ensure we protect NTFS paths everywhere
2019-12-10 18:11:45 +10:00
odb
blob: add underscore to from functions
2019-06-16 00:16:49 +01:00
online
fetchhead: strip credentials from remote URL
2020-01-31 15:25:47 +01:00
pack
tests: pack: add missing asserts around git_packbuilder_write
2020-01-09 12:22:28 +01:00
patch
patch_parse: fix out-of-bounds reads caused by integer underflow
2019-11-28 15:26:36 +01:00
path
path: support non-ascii drive letters on dos
2019-12-10 18:11:45 +10:00
perf
tests: perf: build but exclude performance tests by default
2018-01-03 11:50:39 +00:00
rebase
Merge pull request #4913 from implausible/feature/signing-rebase-commits
2019-08-09 09:01:56 +02:00
refs
refs: refuse to delete HEAD
2020-01-15 13:55:58 -08:00
remote
tests: remote: add test suite to test listing remotes
2019-07-21 15:17:15 +02:00
repo
Do not return free'd git_repository object on error
2020-01-16 17:53:50 +01:00
reset
fileops: rename to "futils.h" to match function signatures
2019-07-20 19:11:20 +02:00
resources
refs: refuse to delete HEAD
2020-01-15 13:55:58 -08:00
revert
fileops: rename to "futils.h" to match function signatures
2019-07-20 19:11:20 +02:00
revwalk
revwalk: fix memory leak in error handling
2019-05-10 12:27:47 +02:00
stash
reflog: allow adding entries with newlines in their message
2019-10-18 11:30:13 +02:00
status
fileops: rename to "futils.h" to match function signatures
2019-07-20 19:11:20 +02:00
stream
deprecation: define GIT_DEPRECATE_HARD internally
2019-01-25 09:06:50 +00:00
stress
Convert usage of git_buf_free to new git_buf_dispose
2018-06-10 19:34:37 +02:00
submodule
tests: submodule: verify setup of relative URLs
2020-01-06 15:41:18 +01:00
threads
git_error: use new names in internal APIs and usage
2019-01-22 22:30:35 +00:00
trace
tests: trace: fix parameter type of aux callback
2019-07-05 11:38:11 +02:00
transport
Update tests
2018-03-19 16:08:01 -07:00
transports/smart
smart_pkt: reorder and rename parameters of git_pkt_parse_line
2018-10-03 16:09:38 +02:00
win32
fileops: rename to "futils.h" to match function signatures
2019-07-20 19:11:20 +02:00
worktree
worktree: use size_t in tests
2019-06-24 14:58:40 +01:00
clar_libgit2_timer.c
clar_libgit2_timer.h
clar_libgit2_trace.c
tests: support CLAR_TRACE_LEVEL
2020-01-24 10:16:36 -06:00
clar_libgit2_trace.h
clar_libgit2.c
git_error: use new names in internal APIs and usage
2019-01-22 22:30:35 +00:00
clar_libgit2.h
cl_git_fail: do not report bogus error message
2019-12-10 18:01:06 +10:00
clar.c
clar: provide ability to set summary file via environment
2019-07-20 19:10:10 +02:00
clar.h
clar: use size_t to keep track of current line number
2019-07-05 11:31:52 +02:00
CMakeLists.txt
ci: add NTLM tests
2020-01-24 10:39:56 -06:00
generate.py
tests: fix undercounting of suites
2019-07-18 14:29:43 +02:00
main.c
clar: provide a way to run some shell before exiting
2018-10-30 22:32:23 +01:00
precompiled.c
precompiled.h
README.md
Add memleak check docs
2019-06-12 00:05:46 +01:00
valgrind-supp-mac.txt
git_error: use new names in internal APIs and usage
2019-01-22 22:30:35 +00:00

README.md

Writing Clar tests for libgit2

For information on the Clar testing framework and a detailed introduction please visit:

https://github.com/vmg/clar

  • Write your modules and tests. Use good, meaningful names.

  • Make sure you actually build the tests by setting:

      cmake -DBUILD_CLAR=ON build/

  • Test:

      ./build/libgit2_clar

  • Make sure everything is fine.

  • Send your pull request. That's it.

Memory leak checks

These are automatically run as part of CI, but if you want to check locally:

Linux

Uses valgrind:

$ cmake -DBUILD_CLAR=ON -DVALGRIND=ON ..
$ cmake --build .
$ valgrind --leak-check=full --show-reachable=yes --num-callers=50 --suppressions=../libgit2_clar.supp \
  ./libgit2_clar

macOS

Uses leaks, which requires XCode installed:

$ MallocStackLogging=1 MallocScribble=1 MallocLogFile=/dev/null CLAR_AT_EXIT="leaks -quiet \$PPID" \
  ./libgit2_clar
Reference in New Issue View Git Blame Copy Permalink