Skip to content

Commit

Permalink
Mark unsafe-options "allowed" tests xfail on Windows
Browse files Browse the repository at this point in the history
The tests of unsafe options are among those introduced originally
in gitpython-developers#1521. They are regression tests for gitpython-developers#1515 (CVE-2022-24439).
The unsafe options tests are paired: a test for the usual, default
behavior of forbidding the option, and a test for the behavior when
the option is explicitly allowed. In each such pair, both tests use
a payload that is intended to produce the side effect of a file of
a specific name being created in a temporary directory.

All the tests work on Unix-like systems. On Windows, the tests of
the *allowed* cases are broken, and this commit marks them xfail.
However, this has implications for the tests of the default, secure
behavior, because until the "allowed" versions work on Windows, it
will be unclear if either are using a payload that is effective and
that corresponds to the way its effect is examined. (Fortunately,
all are working on other OSes, and the affected code under test
does not appear highly dependent on OS, so the fix is *probably*
fully working on Windows as well.)
  • Loading branch information
EliahKagan committed Nov 16, 2023
1 parent 845b93d commit 9bec3ee
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 0 deletions.
27 changes: 27 additions & 0 deletions test/test_remote.py
Original file line number Diff line number Diff line change
Expand Up @@ -831,6 +831,15 @@ def test_fetch_unsafe_options(self, rw_repo):
remote.fetch(**unsafe_option)
assert not tmp_file.exists()

@pytest.mark.xfail(
os.name == "nt",
reason=(
"File not created. A separate Windows command may be needed. This and the "
"currently passing test test_fetch_unsafe_options must be adjusted in the "
"same way. Until then, test_fetch_unsafe_options is unreliable on Windows."
),
raises=AssertionError,
)
@with_rw_repo("HEAD")
def test_fetch_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
Expand Down Expand Up @@ -890,6 +899,15 @@ def test_pull_unsafe_options(self, rw_repo):
remote.pull(**unsafe_option)
assert not tmp_file.exists()

@pytest.mark.xfail(
os.name == "nt",
reason=(
"File not created. A separate Windows command may be needed. This and the "
"currently passing test test_pull_unsafe_options must be adjusted in the "
"same way. Until then, test_pull_unsafe_options is unreliable on Windows."
),
raises=AssertionError,
)
@with_rw_repo("HEAD")
def test_pull_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
Expand Down Expand Up @@ -955,6 +973,15 @@ def test_push_unsafe_options(self, rw_repo):
remote.push(**unsafe_option)
assert not tmp_file.exists()

@pytest.mark.xfail(
os.name == "nt",
reason=(
"File not created. A separate Windows command may be needed. This and the "
"currently passing test test_push_unsafe_options must be adjusted in the "
"same way. Until then, test_push_unsafe_options is unreliable on Windows."
),
raises=AssertionError,
)
@with_rw_repo("HEAD")
def test_push_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
Expand Down
18 changes: 18 additions & 0 deletions test/test_repo.py
Original file line number Diff line number Diff line change
Expand Up @@ -294,6 +294,15 @@ def test_clone_unsafe_options(self, rw_repo):
rw_repo.clone(tmp_dir, **unsafe_option)
assert not tmp_file.exists()

@pytest.mark.xfail(
os.name == "nt",
reason=(
"File not created. A separate Windows command may be needed. This and the "
"currently passing test test_clone_unsafe_options must be adjusted in the "
"same way. Until then, test_clone_unsafe_options is unreliable on Windows."
),
raises=AssertionError,
)
@with_rw_repo("HEAD")
def test_clone_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
Expand Down Expand Up @@ -364,6 +373,15 @@ def test_clone_from_unsafe_options(self, rw_repo):
Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
assert not tmp_file.exists()

@pytest.mark.xfail(
os.name == "nt",
reason=(
"File not created. A separate Windows command may be needed. This and the "
"currently passing test test_clone_from_unsafe_options must be adjusted in the "
"same way. Until then, test_clone_from_unsafe_options is unreliable on Windows."
),
raises=AssertionError,
)
@with_rw_repo("HEAD")
def test_clone_from_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
Expand Down

0 comments on commit 9bec3ee

Please sign in to comment.