From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Johannes Schindelin via GitGitGadget <gitgitgadget@gmail.com>
Cc: git@vger.kernel.org, Derrick Stolee <derrickstolee@github.com>,
Johannes Schindelin <johannes.schindelin@gmx.de>
Subject: Re: [PATCH 1/2] t5516/t5601: avoid using `localhost` for failing HTTPS requests
Date: Mon, 31 Oct 2022 21:49:55 +0100
Message-ID: <221031.86v8nz67jn.gmgdl@evledraar.gmail.com>
In-Reply-To: <25cc0f6d91a9d23eb1b755e1463d672e4958a4e9.1667245639.git.gitgitgadget@gmail.com>

On Mon, Oct 31 2022, Johannes Schindelin via GitGitGadget wrote:
> From: Johannes Schindelin <johannes.schindelin@gmx.de>
>
> In 6dcbdc0d6616 (remote: create fetch.credentialsInUrl config,
> 2022-06-06), we added four test cases that validate various behavior
> around passing credentials as part of the URL (which is considered
> unsafe in general).
>
> These tests do not _actually_ try to connect anywhere, but have to use
> the https:// protocol in order to validate the intended code paths.
>
> However, using `localhost` for such a connection causes several
> problems:
>
> - There might be a web server running on localhost, and we do not
> actually want to connect to that.
>
> - The DNS resolver, or the local firewall, might take a substantial
> amount of time (or forever, whichever comes first) to fail to connect,
> slowing down the test cases unnecessarily.
>
> Let's instead use an IPv4 address that is guaranteed never to offer a
> web server: 224.0.0.1 (which is part of the IP multicast range).
>
> Incidentally, this seems to fix an issue where the tests fail in the
> Windows jobs of Git's CI builds.
> [...]
> diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh
> index 45f0803ed4d..0b386c74818 100755
> --- a/t/t5601-clone.sh
> +++ b/t/t5601-clone.sh
> @@ -72,19 +72,19 @@ test_expect_success 'clone respects GIT_WORK_TREE' '
> '
>
> test_expect_success LIBCURL 'clone warns or fails when using username:password' '
> - message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" &&
> - test_must_fail git -c transfer.credentialsInUrl=allow clone https://username:password@localhost attempt1 2>err &&
> + message="URL '\''https://username:<redacted>@224.0.0.1/'\'' uses plaintext credentials" &&
> + test_must_fail git -c transfer.credentialsInUrl=allow clone https://username:password@224.0.0.1 attempt1 2>err &&
> ! grep "$message" err &&
>
> - test_must_fail git -c transfer.credentialsInUrl=warn clone https://username:password@localhost attempt2 2>err &&
> + test_must_fail git -c transfer.credentialsInUrl=warn clone https://username:password@224.0.0.1 attempt2 2>err &&
> grep "warning: $message" err >warnings &&
> test_line_count = 2 warnings &&
>
> - test_must_fail git -c transfer.credentialsInUrl=die clone https://username:password@localhost attempt3 2>err &&
> + test_must_fail git -c transfer.credentialsInUrl=die clone https://username:password@224.0.0.1 attempt3 2>err &&
> grep "fatal: $message" err >warnings &&
> test_line_count = 1 warnings &&
>
> - test_must_fail git -c transfer.credentialsInUrl=die clone https://username:@localhost attempt3 2>err &&
> + test_must_fail git -c transfer.credentialsInUrl=die clone https://username:@224.0.0.1 attempt3 2>err &&
> grep "fatal: $message" err >warnings &&
> test_line_count = 1 warnings
> '
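
Review bot: The address 224.0.0.1 is now hard-coded five times in this test (once in the expected `message` and once in each of the four clone URLs) with no comment in the file saying why a multicast address is used; the reasoning lives only in the commit message. Consider assigning it to a variable with a one-line comment and interpolating that into both `message` and the URLs, so the expected text and the commands cannot drift apart. Separately, the last two `transfer.credentialsInUrl=die` invocations both clone into `attempt3`; a distinct directory name for the empty-password case would make a failure easier to attribute.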

For this one at least, it eventually gets around to setting up an
actual httpd server with cloning etc. from $HTTPD_URL.

Can't we just do that for both of these tests rather than the
224.0.0.0 hack? I.e. the root cause is that we're cleverly faking a
not-a-server here, and now we're going to add another somewhat clever
hack on top.

but since the test coverage is for https:// anyway, and we have other
https tests against an actual server...