From: "Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Derrick Stolee <derrickstolee@github.com>,
Johannes Schindelin <johannes.schindelin@gmx.de>,
Johannes Schindelin <johannes.schindelin@gmx.de>
Subject: [PATCH 1/2] t5516/t5601: avoid using `localhost` for failing HTTPS requests
Date: Mon, 31 Oct 2022 19:47:17 +0000 [thread overview]
Message-ID: <25cc0f6d91a9d23eb1b755e1463d672e4958a4e9.1667245639.git.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1399.git.1667245638.gitgitgadget@gmail.com>
From: Johannes Schindelin <johannes.schindelin@gmx.de>
In 6dcbdc0d6616 (remote: create fetch.credentialsInUrl config,
2022-06-06), we added four test cases that validate various behavior
around passing credentials as part of the URL (which is considered
unsafe in general).
These tests do not _actually_ try to connect anywhere, but have to use
the https:// protocol in order to validate the intended code paths.
However, using `localhost` for such a connection causes several
problems:
- There might be a web server running on localhost, and we do not
actually want to connect to that.
- The DNS resolver, or the local firewall, might take a substantial
amount of time (or forever, whichever comes first) to fail to connect,
slowing down the test cases unnecessarily.
Let's instead use an IPv4 address that is guaranteed never to offer a
web server: 224.0.0.1 (which is part of the IP multicast range).
Incidentally, this seems to fix an issue where the tests fail in the
Windows jobs of Git's CI builds.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
t/t5516-fetch-push.sh | 18 +++++++++---------
t/t5601-clone.sh | 10 +++++-----
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/t/t5516-fetch-push.sh b/t/t5516-fetch-push.sh
index 79dc470c014..8dd4610a8c2 100755
--- a/t/t5516-fetch-push.sh
+++ b/t/t5516-fetch-push.sh
@@ -1854,32 +1854,32 @@ test_expect_success 'refuse to push a hidden ref, and make sure do not pollute t
'
test_expect_success LIBCURL 'fetch warns or fails when using username:password' '
- message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" &&
- test_must_fail git -c transfer.credentialsInUrl=allow fetch https://username:password@localhost 2>err &&
+ message="URL '\''https://username:<redacted>@224.0.0.1/'\'' uses plaintext credentials" &&
+ test_must_fail git -c transfer.credentialsInUrl=allow fetch https://username:password@224.0.0.1 2>err &&
! grep "$message" err &&
- test_must_fail git -c transfer.credentialsInUrl=warn fetch https://username:password@localhost 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=warn fetch https://username:password@224.0.0.1 2>err &&
grep "warning: $message" err >warnings &&
test_line_count = 3 warnings &&
- test_must_fail git -c transfer.credentialsInUrl=die fetch https://username:password@localhost 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=die fetch https://username:password@224.0.0.1 2>err &&
grep "fatal: $message" err >warnings &&
test_line_count = 1 warnings &&
- test_must_fail git -c transfer.credentialsInUrl=die fetch https://username:@localhost 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=die fetch https://username:@224.0.0.1 2>err &&
grep "fatal: $message" err >warnings &&
test_line_count = 1 warnings
'
test_expect_success LIBCURL 'push warns or fails when using username:password' '
- message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" &&
- test_must_fail git -c transfer.credentialsInUrl=allow push https://username:password@localhost 2>err &&
+ message="URL '\''https://username:<redacted>@224.0.0.1/'\'' uses plaintext credentials" &&
+ test_must_fail git -c transfer.credentialsInUrl=allow push https://username:password@224.0.0.1 2>err &&
! grep "$message" err &&
- test_must_fail git -c transfer.credentialsInUrl=warn push https://username:password@localhost 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=warn push https://username:password@224.0.0.1 2>err &&
grep "warning: $message" err >warnings &&
- test_must_fail git -c transfer.credentialsInUrl=die push https://username:password@localhost 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=die push https://username:password@224.0.0.1 2>err &&
grep "fatal: $message" err >warnings &&
test_line_count = 1 warnings
'
diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh
index 45f0803ed4d..0b386c74818 100755
--- a/t/t5601-clone.sh
+++ b/t/t5601-clone.sh
@@ -72,19 +72,19 @@ test_expect_success 'clone respects GIT_WORK_TREE' '
'
test_expect_success LIBCURL 'clone warns or fails when using username:password' '
- message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" &&
- test_must_fail git -c transfer.credentialsInUrl=allow clone https://username:password@localhost attempt1 2>err &&
+ message="URL '\''https://username:<redacted>@224.0.0.1/'\'' uses plaintext credentials" &&
+ test_must_fail git -c transfer.credentialsInUrl=allow clone https://username:password@224.0.0.1 attempt1 2>err &&
! grep "$message" err &&
- test_must_fail git -c transfer.credentialsInUrl=warn clone https://username:password@localhost attempt2 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=warn clone https://username:password@224.0.0.1 attempt2 2>err &&
grep "warning: $message" err >warnings &&
test_line_count = 2 warnings &&
- test_must_fail git -c transfer.credentialsInUrl=die clone https://username:password@localhost attempt3 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=die clone https://username:password@224.0.0.1 attempt3 2>err &&
grep "fatal: $message" err >warnings &&
test_line_count = 1 warnings &&
- test_must_fail git -c transfer.credentialsInUrl=die clone https://username:@localhost attempt3 2>err &&
+ test_must_fail git -c transfer.credentialsInUrl=die clone https://username:@224.0.0.1 attempt3 2>err &&
grep "fatal: $message" err >warnings &&
test_line_count = 1 warnings
'
--
gitgitgadget
next prev parent reply other threads:[~2022-10-31 19:47 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-31 19:47 [PATCH 0/2] t5516/t5601: avoid using localhost for failing HTTPS requests Johannes Schindelin via GitGitGadget
2022-10-31 19:47 ` Johannes Schindelin via GitGitGadget [this message]
2022-10-31 20:49 ` [PATCH 1/2] t5516/t5601: avoid using `localhost` " Ævar Arnfjörð Bjarmason
2022-10-31 23:20 ` Jeff King
2022-11-01 0:59 ` Taylor Blau
2022-11-01 2:28 ` Jeff King
2022-11-01 2:03 ` Jeff King
2022-11-01 2:25 ` Jeff King
2022-11-01 2:26 ` [PATCH 1/2] t5516: move plaintext-password tests from t5601 and t5516 Jeff King
2022-11-01 3:18 ` Ævar Arnfjörð Bjarmason
2022-11-01 7:32 ` Jeff King
2022-11-01 20:37 ` Taylor Blau
2022-11-01 2:26 ` [PATCH 2/2] t5516/t5601: be less strict about the number of credential warnings Jeff King
2022-11-01 3:29 ` Ævar Arnfjörð Bjarmason
2022-11-01 7:39 ` Jeff King
2022-11-01 8:15 ` Ævar Arnfjörð Bjarmason
2022-11-01 9:12 ` Jeff King
2022-11-01 14:05 ` Ævar Arnfjörð Bjarmason
2022-11-01 4:54 ` Junio C Hamano
2022-11-01 7:42 ` Jeff King
2022-11-01 20:50 ` Taylor Blau
2022-10-31 19:47 ` Johannes Schindelin via GitGitGadget
2022-10-31 23:22 ` Jeff King
2022-11-01 0:57 ` Taylor Blau
2022-11-01 2:27 ` Jeff King
2022-10-31 20:47 ` [RFC PATCH] fetch: stop emitting duplicate transfer.credentialsInUrl=warn warnings Ævar Arnfjörð Bjarmason
2022-11-01 1:06 ` Taylor Blau
2022-11-01 2:32 ` Jeff King
2022-11-01 3:01 ` Ævar Arnfjörð Bjarmason
2022-11-01 20:54 ` Taylor Blau
2022-11-01 22:17 ` Ævar Arnfjörð Bjarmason
2022-11-02 0:53 ` Taylor Blau
2022-11-02 8:42 ` [PATCH v3 2/2] t5551: be less strict about the number of credential warnings Jeff King
2022-11-02 8:49 ` Eric Sunshine
2022-11-02 9:15 ` Jeff King
2022-11-02 9:31 ` Eric Sunshine
2022-11-02 9:18 ` Jeff King
2022-11-03 1:31 ` Taylor Blau
2022-11-01 9:35 ` [RFC PATCH] fetch: stop emitting duplicate transfer.credentialsInUrl=warn warnings Jeff King
2022-11-01 13:07 ` Ævar Arnfjörð Bjarmason
2022-11-01 21:00 ` Taylor Blau
2022-11-01 21:57 ` Ævar Arnfjörð Bjarmason
2022-11-02 8:19 ` Jeff King
2022-11-04 9:01 ` Ævar Arnfjörð Bjarmason
2022-11-04 13:16 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=25cc0f6d91a9d23eb1b755e1463d672e4958a4e9.1667245639.git.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=derrickstolee@github.com \
--cc=git@vger.kernel.org \
--cc=johannes.schindelin@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).