Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deny git access to nested server root #1278

Merged
merged 14 commits into from
Dec 5, 2023
Prev Previous commit
Next Next commit
Replace test for new case
Zxun2 committed Nov 20, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 5519cc2639717be7a210518f93e50dabd60bd25e
23 changes: 3 additions & 20 deletions jupyterlab_git/tests/test_handlers.py
Original file line number Diff line number Diff line change
@@ -116,32 +116,23 @@ async def test_git_show_prefix(mock_execute, jp_fetch, jp_root_dir):

@patch("jupyterlab_git.git.execute")
async def test_git_show_prefix_nested_directory(mock_execute, jp_fetch, jp_root_dir):
# Given
path = "path/to/repo"

local_path = jp_root_dir / "test_path"

mock_execute.return_value = maybe_future((0, str(path), ""))

mock_execute.return_value = maybe_future((0, f"{jp_root_dir.name}/", ""))
# When
response = await jp_fetch(
NAMESPACE,
local_path.name + "/subfolder",
"show_prefix",
body="{}",
method="POST",
)

# Then
assert response.code == 200
payload = json.loads(response.body)
assert payload["path"] == str(path)

assert payload["path"] is None
mock_execute.assert_has_calls(
[
call(
["git", "rev-parse", "--show-prefix"],
cwd=str(local_path / "subfolder"),
cwd=str(jp_root_dir),
Zxun2 marked this conversation as resolved.
Show resolved Hide resolved
timeout=20,
env=None,
username=None,
@@ -151,14 +142,6 @@ async def test_git_show_prefix_nested_directory(mock_execute, jp_fetch, jp_root_
]
)

try:
Path(path).absolute().relative_to(Path(local_path).absolute())
except ValueError:
# pass the test if the path is not a subdirectory of the root directory
pass
else:
assert False, "The path should not be a subdirectory of the root directory"


async def test_git_show_prefix_for_excluded_path(
jp_fetch, jp_server_config, jp_root_dir