From 863f8067d8b4012904ca3bb881c659ac9894df97 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Mon, 27 Apr 2020 14:36:03 +0800 Subject: [PATCH 04/12] t0300: make "quit" helper more realistic We test a toy credential helper that writes "quit=1" and confirms that we stop running other helpers. However, that helper is unrealistic in that it does not bother to read its stdin at all. For now we don't send any input to it, because we feed git-credential a blank credential. But that will change in the next patch, which will cause this test to racily fail, as git-credential will get SIGPIPE writing to the helper rather than exiting because it was asked to. Let's make this one-off helper more like our other sample helpers, and have it source the "dump" script. That will read stdin, fixing the SIGPIPE problem. But it will also write what it sees to stderr. We can make the test more robust by checking that output, which confirms that we do run the quit helper, don't run any other helpers, and exit for the reason we expected. Signed-off-by: Jeff King Signed-off-by: Jonathan Nieder Upstream-Status: Backport CVE: CVE-2020-11008 (1) Signed-off-by: Li Zhou --- t/t0300-credentials.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh index b9c0f1f..0206b3b 100755 --- a/t/t0300-credentials.sh +++ b/t/t0300-credentials.sh @@ -22,6 +22,11 @@ test_expect_success 'setup helper scripts' ' exit 0 EOF + write_script git-credential-quit <<-\EOF && + . ./dump + echo quit=1 + EOF + write_script git-credential-verbatim <<-\EOF && user=$1; shift pass=$1; shift @@ -291,10 +296,16 @@ test_expect_success 'http paths can be part of context' ' test_expect_success 'helpers can abort the process' ' test_must_fail git \ - -c credential.helper="!f() { echo quit=1; }; f" \ + -c credential.helper=quit \ -c credential.helper="verbatim foo bar" \ - credential fill >stdout && - test_must_be_empty stdout + credential fill >stdout 2>stderr && + >expect && + test_cmp expect stdout && + cat >expect <<-\EOF && + quit: get + fatal: credential helper '\''quit'\'' told us to quit + EOF + test_i18ncmp expect stderr ' test_expect_success 'empty helper spec resets helper list' ' -- 1.9.1