recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
fork atom
phorge / src / applications / diffusion / protocol / __tests__ / DiffusionCommandEngineTestCase.php
at recaptime-dev/main 211 lines 5.1 kB view raw
epriestley Filter and reject "--config" and "--debugger" flags to Mercurial in any position
a7921a44
1<?php 2 3final class DiffusionCommandEngineTestCase extends PhabricatorTestCase { 4 5 public function testCommandEngine() { 6 $type_git = PhabricatorRepositoryType::REPOSITORY_TYPE_GIT; 7 $type_hg = PhabricatorRepositoryType::REPOSITORY_TYPE_MERCURIAL; 8 $type_svn = PhabricatorRepositoryType::REPOSITORY_TYPE_SVN; 9 10 $root = dirname(phutil_get_library_root('phabricator')); 11 $ssh_wrapper = $root.'/bin/ssh-connect'; 12 $home = $root.'/support/empty/'; 13 14 15 // Plain commands. 16 17 $this->assertCommandEngineFormat( 18 'git xyz', 19 array( 20 'LANG' => 'en_US.UTF-8', 21 'HOME' => $home, 22 ), 23 array( 24 'vcs' => $type_git, 25 'argv' => 'xyz', 26 )); 27 28 $this->assertCommandEngineFormat( 29 (string)csprintf('hg --config ui.ssh=%s xyz', $ssh_wrapper), 30 array( 31 'LANG' => 'en_US.UTF-8', 32 'HGPLAIN' => '1', 33 ), 34 array( 35 'vcs' => $type_hg, 36 'argv' => 'xyz', 37 )); 38 39 $this->assertCommandEngineFormat( 40 'svn --non-interactive xyz', 41 array( 42 'LANG' => 'en_US.UTF-8', 43 ), 44 array( 45 'vcs' => $type_svn, 46 'argv' => 'xyz', 47 )); 48 49 50 // Commands with SSH. 51 52 $this->assertCommandEngineFormat( 53 'git xyz', 54 array( 55 'LANG' => 'en_US.UTF-8', 56 'HOME' => $home, 57 'GIT_SSH' => $ssh_wrapper, 58 ), 59 array( 60 'vcs' => $type_git, 61 'argv' => 'xyz', 62 'protocol' => 'ssh', 63 )); 64 65 $this->assertCommandEngineFormat( 66 (string)csprintf('hg --config ui.ssh=%s xyz', $ssh_wrapper), 67 array( 68 'LANG' => 'en_US.UTF-8', 69 'HGPLAIN' => '1', 70 ), 71 array( 72 'vcs' => $type_hg, 73 'argv' => 'xyz', 74 'protocol' => 'ssh', 75 )); 76 77 $this->assertCommandEngineFormat( 78 'svn --non-interactive xyz', 79 array( 80 'LANG' => 'en_US.UTF-8', 81 'SVN_SSH' => $ssh_wrapper, 82 ), 83 array( 84 'vcs' => $type_svn, 85 'argv' => 'xyz', 86 'protocol' => 'ssh', 87 )); 88 89 90 // Commands with HTTP. 91 92 $this->assertCommandEngineFormat( 93 'git xyz', 94 array( 95 'LANG' => 'en_US.UTF-8', 96 'HOME' => $home, 97 ), 98 array( 99 'vcs' => $type_git, 100 'argv' => 'xyz', 101 'protocol' => 'https', 102 )); 103 104 $this->assertCommandEngineFormat( 105 (string)csprintf('hg --config ui.ssh=%s xyz', $ssh_wrapper), 106 array( 107 'LANG' => 'en_US.UTF-8', 108 'HGPLAIN' => '1', 109 ), 110 array( 111 'vcs' => $type_hg, 112 'argv' => 'xyz', 113 'protocol' => 'https', 114 )); 115 116 $this->assertCommandEngineFormat( 117 'svn --non-interactive --no-auth-cache --trust-server-cert xyz', 118 array( 119 'LANG' => 'en_US.UTF-8', 120 ), 121 array( 122 'vcs' => $type_svn, 123 'argv' => 'xyz', 124 'protocol' => 'https', 125 )); 126 127 // Test that filtering defenses for "--config" and "--debugger" flag 128 // injections in Mercurial are functional. See T13012. 129 130 $caught = null; 131 try { 132 $this->assertCommandEngineFormat( 133 '', 134 array(), 135 array( 136 'vcs' => $type_hg, 137 'argv' => '--debugger', 138 )); 139 } catch (DiffusionMercurialFlagInjectionException $ex) { 140 $caught = $ex; 141 } 142 143 $this->assertTrue( 144 ($caught instanceof DiffusionMercurialFlagInjectionException), 145 pht('Expected "--debugger" injection in Mercurial to throw.')); 146 147 148 $caught = null; 149 try { 150 $this->assertCommandEngineFormat( 151 '', 152 array(), 153 array( 154 'vcs' => $type_hg, 155 'argv' => '--config=x', 156 )); 157 } catch (DiffusionMercurialFlagInjectionException $ex) { 158 $caught = $ex; 159 } 160 161 $this->assertTrue( 162 ($caught instanceof DiffusionMercurialFlagInjectionException), 163 pht('Expected "--config" injection in Mercurial to throw.')); 164 165 $caught = null; 166 try { 167 $this->assertCommandEngineFormat( 168 '', 169 array(), 170 array( 171 'vcs' => $type_hg, 172 'argv' => (string)csprintf('%s', '--config=x'), 173 )); 174 } catch (DiffusionMercurialFlagInjectionException $ex) { 175 $caught = $ex; 176 } 177 178 $this->assertTrue( 179 ($caught instanceof DiffusionMercurialFlagInjectionException), 180 pht('Expected quoted "--config" injection in Mercurial to throw.')); 181 182 } 183 184 private function assertCommandEngineFormat( 185 $command, 186 array $env, 187 array $inputs) { 188 189 $repository = id(new PhabricatorRepository()) 190 ->setVersionControlSystem($inputs['vcs']); 191 192 $future = DiffusionCommandEngine::newCommandEngine($repository) 193 ->setArgv((array)$inputs['argv']) 194 ->setProtocol(idx($inputs, 'protocol')) 195 ->newFuture(); 196 197 $command_string = $future->getCommand(); 198 199 $actual_command = $command_string->getUnmaskedString(); 200 $this->assertEqual($command, $actual_command); 201 202 $actual_environment = $future->getEnv(); 203 204 $compare_environment = array_select_keys( 205 $actual_environment, 206 array_keys($env)); 207 208 $this->assertEqual($env, $compare_environment); 209 } 210 211}