aboutsummaryrefslogtreecommitdiff
path: root/t/t5551-http-fetch-smart.sh
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2016-12-19 14:45:31 -0800
committerJunio C Hamano <gitster@pobox.com>2016-12-19 14:45:32 -0800
commit8a2882f23ecce3a8742743555a408e508d4db806 (patch)
tree3e543652bc74d5401d6c3858410ad434ae02451a /t/t5551-http-fetch-smart.sh
parent73e494f86239b7edcf44f4c185c997b05c0e763b (diff)
parentcb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9e (diff)
downloadgit-8a2882f23ecce3a8742743555a408e508d4db806.tar.gz
git-8a2882f23ecce3a8742743555a408e508d4db806.tar.xz
Merge branch 'jk/http-walker-limit-redirect-2.9'
Transport with dumb http can be fooled into following foreign URLs that the end user does not intend to, especially with the server side redirects and http-alternates mechanism, which can lead to security issues. Tighten the redirection and make it more obvious to the end user when it happens. * jk/http-walker-limit-redirect-2.9: http: treat http-alternates like redirects http: make redirects more obvious remote-curl: rename shadowed options variable http: always update the base URL for redirects http: simplify update_url_from_redirect
Diffstat (limited to 't/t5551-http-fetch-smart.sh')
-rwxr-xr-xt/t5551-http-fetch-smart.sh4
1 files changed, 4 insertions, 0 deletions
diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
index 1ec5b2747..6e5b9e42f 100755
--- a/t/t5551-http-fetch-smart.sh
+++ b/t/t5551-http-fetch-smart.sh
@@ -119,6 +119,10 @@ test_expect_success 'redirects re-root further requests' '
git clone $HTTPD_URL/smart-redir-limited/repo.git repo-redir-limited
'
+test_expect_success 're-rooting dies on insane schemes' '
+ test_must_fail git clone $HTTPD_URL/insane-redir/repo.git insane
+'
+
test_expect_success 'clone from password-protected repository' '
echo two >expect &&
set_askpass user@host pass@host &&