Spaces:
Paused
Paused
File size: 4,454 Bytes
b5b9c2e | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 | """Security-focused integration tests for CLI worktree setup."""
import subprocess
from pathlib import Path
import pytest
@pytest.fixture
def git_repo(tmp_path):
"""Create a temporary git repo for testing real cli._setup_worktree behavior."""
repo = tmp_path / "test-repo"
repo.mkdir()
subprocess.run(["git", "init"], cwd=repo, check=True, capture_output=True)
subprocess.run(["git", "config", "user.email", "test@test.com"], cwd=repo, check=True, capture_output=True)
subprocess.run(["git", "config", "user.name", "Test"], cwd=repo, check=True, capture_output=True)
(repo / "README.md").write_text("# Test Repo\n")
subprocess.run(["git", "add", "."], cwd=repo, check=True, capture_output=True)
subprocess.run(["git", "commit", "-m", "Initial commit"], cwd=repo, check=True, capture_output=True)
return repo
def _force_remove_worktree(info: dict | None) -> None:
if not info:
return
subprocess.run(
["git", "worktree", "remove", info["path"], "--force"],
cwd=info["repo_root"],
capture_output=True,
check=False,
)
subprocess.run(
["git", "branch", "-D", info["branch"]],
cwd=info["repo_root"],
capture_output=True,
check=False,
)
class TestWorktreeIncludeSecurity:
def test_rejects_parent_directory_file_traversal(self, git_repo):
import cli as cli_mod
outside_file = git_repo.parent / "sensitive.txt"
outside_file.write_text("SENSITIVE DATA")
(git_repo / ".worktreeinclude").write_text("../sensitive.txt\n")
info = None
try:
info = cli_mod._setup_worktree(str(git_repo))
assert info is not None
wt_path = Path(info["path"])
assert not (wt_path.parent / "sensitive.txt").exists()
assert not (wt_path / "../sensitive.txt").resolve().exists()
finally:
_force_remove_worktree(info)
def test_rejects_parent_directory_directory_traversal(self, git_repo):
import cli as cli_mod
outside_dir = git_repo.parent / "outside-dir"
outside_dir.mkdir()
(outside_dir / "secret.txt").write_text("SENSITIVE DIR DATA")
(git_repo / ".worktreeinclude").write_text("../outside-dir\n")
info = None
try:
info = cli_mod._setup_worktree(str(git_repo))
assert info is not None
wt_path = Path(info["path"])
escaped_dir = wt_path.parent / "outside-dir"
assert not escaped_dir.exists()
assert not escaped_dir.is_symlink()
finally:
_force_remove_worktree(info)
def test_rejects_symlink_that_resolves_outside_repo(self, git_repo):
import cli as cli_mod
outside_file = git_repo.parent / "linked-secret.txt"
outside_file.write_text("LINKED SECRET")
(git_repo / "leak.txt").symlink_to(outside_file)
(git_repo / ".worktreeinclude").write_text("leak.txt\n")
info = None
try:
info = cli_mod._setup_worktree(str(git_repo))
assert info is not None
assert not (Path(info["path"]) / "leak.txt").exists()
finally:
_force_remove_worktree(info)
def test_allows_valid_file_include(self, git_repo):
import cli as cli_mod
(git_repo / ".env").write_text("SECRET=***\n")
(git_repo / ".worktreeinclude").write_text(".env\n")
info = None
try:
info = cli_mod._setup_worktree(str(git_repo))
assert info is not None
copied = Path(info["path"]) / ".env"
assert copied.exists()
assert copied.read_text() == "SECRET=***\n"
finally:
_force_remove_worktree(info)
def test_allows_valid_directory_include(self, git_repo):
import cli as cli_mod
assets_dir = git_repo / ".venv" / "lib"
assets_dir.mkdir(parents=True)
(assets_dir / "marker.txt").write_text("venv marker")
(git_repo / ".worktreeinclude").write_text(".venv\n")
info = None
try:
info = cli_mod._setup_worktree(str(git_repo))
assert info is not None
linked_dir = Path(info["path"]) / ".venv"
assert linked_dir.is_symlink()
assert (linked_dir / "lib" / "marker.txt").read_text() == "venv marker"
finally:
_force_remove_worktree(info)
|