diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-24 04:27:54 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-24 04:27:54 -0500 |
| commit | 35e4d70116c8a2a5b82eaf4b8c58889dc02cbe46 (patch) | |
| tree | e3a9a35d84d307b364741423d22221954886ff55 /tests | |
| parent | 49038c418ead0adc83ffc8fce43c0cb6da9813df (diff) | |
| download | dotemacs-35e4d70116c8a2a5b82eaf4b8c58889dc02cbe46.tar.gz dotemacs-35e4d70116c8a2a5b82eaf4b8c58889dc02cbe46.zip | |
fix(vc): harden clipboard git-clone process and path handling
cj/git-clone-clipboard-url shelled out via shell-command and derived the clone directory with file-name-nondirectory, which mishandles scp-style SSH URLs with no slash (git@host:repo.git became git@host:repo). It also ran git in default-directory and only checked whether the clone dir appeared afterward, so a failed clone was silent.
The clone now runs as a direct git process (call-process, no shell) with clone -- url dir so a URL beginning with - cannot be read as a flag. The destination path comes from cj/--git-clone-dir-name, which takes the last component splitting on / and :, handling HTTPS, scp-style and ssh:// SSH, and local paths. It validates the clipboard is non-empty and the target is a writable directory that does not already contain the destination, and surfaces a non-zero git exit as a user-error with the *git-clone* output. Tests cover the deriver across URL schemes plus the empty-clipboard and clone-failure paths.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test-vc-config--git-clone.el | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/tests/test-vc-config--git-clone.el b/tests/test-vc-config--git-clone.el new file mode 100644 index 00000000..3b39ece2 --- /dev/null +++ b/tests/test-vc-config--git-clone.el @@ -0,0 +1,88 @@ +;;; test-vc-config--git-clone.el --- Tests for clipboard git-clone hardening -*- lexical-binding: t; -*- + +;;; Commentary: +;; Unit tests for cj/--git-clone-dir-name (robust repo-dir derivation across +;; HTTPS, scp-style SSH, ssh:// and local URLs) and for cj/git-clone-clipboard-url +;; reporting a failed clone from the process exit status instead of silently +;; assuming the directory appeared. + +;;; Code: + +(require 'ert) +(require 'cl-lib) + +(add-to-list 'load-path (expand-file-name "modules" user-emacs-directory)) +(require 'vc-config) + +;;; cj/--git-clone-dir-name — Normal Cases + +(ert-deftest test-vc-git-clone-dir-name-https-with-git-suffix () + "Normal: an HTTPS URL with a .git suffix yields the bare repo name." + (should (equal "repo" + (cj/--git-clone-dir-name "https://example.com/user/repo.git")))) + +(ert-deftest test-vc-git-clone-dir-name-https-without-git-suffix () + "Normal: an HTTPS URL without a .git suffix yields the bare repo name." + (should (equal "repo" + (cj/--git-clone-dir-name "https://example.com/user/repo")))) + +(ert-deftest test-vc-git-clone-dir-name-ssh-scp-with-user () + "Normal: scp-style SSH with a user path yields the repo name." + (should (equal "repo" + (cj/--git-clone-dir-name "git@example.com:user/repo.git")))) + +(ert-deftest test-vc-git-clone-dir-name-ssh-url-scheme () + "Normal: an ssh:// URL yields the repo name." + (should (equal "repo" + (cj/--git-clone-dir-name "ssh://git@example.com/user/repo.git")))) + +;;; Boundary Cases + +(ert-deftest test-vc-git-clone-dir-name-ssh-scp-without-user () + "Boundary: scp-style SSH with no user path (host:repo.git) still works. +This is the case the old file-name-nondirectory derivation got wrong, +since there is no `/' separator." + (should (equal "repo" + (cj/--git-clone-dir-name "git@example.com:repo.git")))) + +(ert-deftest test-vc-git-clone-dir-name-local-path () + "Boundary: a local filesystem path yields the repo name." + (should (equal "repo" + (cj/--git-clone-dir-name "/home/me/src/repo.git")))) + +(ert-deftest test-vc-git-clone-dir-name-trailing-slash () + "Boundary: a trailing slash does not swallow the repo name." + (should (equal "repo" + (cj/--git-clone-dir-name "https://example.com/user/repo.git/")))) + +(ert-deftest test-vc-git-clone-dir-name-surrounding-whitespace () + "Boundary: clipboard whitespace around the URL is trimmed." + (should (equal "repo" + (cj/--git-clone-dir-name " https://example.com/user/repo.git\n")))) + +;;; cj/git-clone-clipboard-url — Error Cases + +(ert-deftest test-vc-git-clone-clipboard-url-reports-clone-failure () + "Error: a nonzero git exit status surfaces a user-error, not silence. +Uses a real writable temp dir as the target (so the file predicates run +for real) and mocks only the clone process to fail." + (let ((target (make-temp-file "cj-clone-fail-" t))) + (unwind-protect + (cl-letf (((symbol-function 'call-process) (lambda (&rest _) 128)) + ((symbol-function 'pop-to-buffer) #'ignore) + ((symbol-function 'message) #'ignore)) + (should-error + (cj/git-clone-clipboard-url "https://example.com/user/repo.git" target) + :type 'user-error)) + (delete-directory target t)))) + +(ert-deftest test-vc-git-clone-clipboard-url-empty-clipboard-errors () + "Error: an empty clipboard URL aborts before any clone attempt." + (let ((cloned nil)) + (cl-letf (((symbol-function 'call-process) + (lambda (&rest _) (setq cloned t) 0))) + (should-error (cj/git-clone-clipboard-url " " "/tmp") :type 'user-error)) + (should-not cloned))) + +(provide 'test-vc-config--git-clone) +;;; test-vc-config--git-clone.el ends here |