Adds alpine tests

pull/662/head
sobolevn 3 years ago committed by Nikita Sobolev
parent 38e72e7b05
commit 22d994c372

@ -19,4 +19,3 @@ fi
if [[ "$GITSECRET_DIST" == "windows" ]]; then
choco install make shellcheck -y
fi

@ -0,0 +1,16 @@
FROM alpine:3.13
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
# Don't install coreutils on Alpine,
# so we get busybox versions of ps, stat, and ls. See #475
RUN apk add --no-cache --update \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
make \
procps
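Review bot: Installing `procps` at the end of the `apk add` list appears to contradict the comment above it, because on Alpine that package ships its own `ps`, which would take precedence over the busybox applet the comment says the image is meant to exercise (see #475). If `procps` is needed for another reason, record it in the `# Assumed to be present:` group, e.g. `# procps: needed for <reason>; note it replaces busybox ps`; otherwise drop it from the list. Separately, `FROM alpine:3.13` is a mutable tag, so pinning the base image by digest would keep the CI environment reproducible and make a changed upstream image visible in review.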

@ -1,12 +1,14 @@
FROM debian:10.9-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND="noninteractive"
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
# Direct dependencies:
curl \
gawk \
git \
gnupg \

@ -1,12 +1,14 @@
FROM ubuntu:20.04
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND="noninteractive"
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
# Direct dependencies:
curl \
gawk \
git \
gnupg \

@ -16,10 +16,13 @@ FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
TEST_GPG_HOMEDIR="$BATS_TMPDIR"
# TODO: factor out tempdir creation. On osx TEST_GPG_OUTPUT_FILE, still has 'XXXXXX's, like
# TODO: factor out tempdir creation.
# On osx TEST_GPG_OUTPUT_FILE, still has 'XXXXXX's, like
# /var/folders/mm/_f0j67x10l92b4zznyx4ylzh00017w/T/gitsecret_output.XXXXXX.RaqyGYqL
TEST_GPG_OUTPUT_FILE=$(TMPDIR="$BATS_TMPDIR" mktemp -t 'gitsecret_output.XXXXXX')
#echo "# TEST_GPG_OUTPUT_FILE=$TEST_GPG_OUTPUT_FILE" >&3
TEST_GPG_OUTPUT_FILE=$(
TMPDIR="$BATS_TMPDIR" mktemp -t 'gitsecret_output.XXXXXX'
)
# shellcheck disable=SC2016
AWK_GPG_GET_FP='
@ -34,25 +37,29 @@ BEGIN { OFS=":"; FS=":"; }
'
# GPG-based stuff:
: "${SECRETS_GPG_COMMAND:="gpg"}"
: "${SECRETS_GPG_COMMAND:='gpg'}"
# This command is used with absolute homedir set and disabled warnings:
GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning --batch"
# Test key fixture data. Fixtures are at tests/fixtures/gpg/$email
# See tests/fixtures/gpg/README.md for more on key fixtures 'user[1-5]@gitsecret.io'
# these two are 'normal' keys.
# See tests/fixtures/gpg/README.md for more
# on key fixtures 'user[1-5]@gitsecret.io'
# these two are 'normal' keys.
export TEST_DEFAULT_USER="user1@gitsecret.io"
export TEST_SECOND_USER="user2@gitsecret.io"
# TEST_NONAME_USER (user3) created with '--quick-key-generate' and has only an email, no username.
# TEST_NONAME_USER (user3) created with '--quick-key-generate'
# and has only an email, no username.
export TEST_NONAME_USER="user3@gitsecret.io"
# TEST_EXPIRED_USER (user4) has expired
export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24
export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io" # fixture filename is named this, but key has no email and a comment, as per #527
# fixture filename is named this,
# but key has no email and a comment, as per #527
export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io"
export TEST_ATTACKER_USER="attacker1@gitsecret.io"
@ -65,13 +72,12 @@ export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special
function test_user_password {
# Password for 'user3@gitsecret.io' is 'user3pass'
# As it was set on key creation.
# As it was set on key creation.
# shellcheck disable=SC2001
echo "$1" | sed -e 's/@.*/pass/'
echo "$1" | sed -e 's/@.*/pass/'
}
# GPG:
function stop_gpg_agent {
@ -126,7 +132,7 @@ function install_fixture_key {
function install_fixture_full_key {
local private_key="$BATS_TMPDIR/private-${1}.key"
local gpgtest_prefix
gpgtest_prefix=$(get_gpgtest_prefix "$1")
gpgtest_prefix=$(get_gpgtest_prefix "$1")
local gpgtest_import="$gpgtest_prefix $GPGTEST"
local email
local fingerprint
@ -278,7 +284,7 @@ function unset_current_state {
stop_gpg_agent
# SECRETS_TEST_VERBOSE is experimental
if [[ -n "$SECRETS_TEST_VERBOSE" ]]; then
if [[ -n "$SECRETS_TEST_VERBOSE" ]]; then
# display the captured output as bats diagnostic (fd3, preceded by '# ')
sed "s/^/# $BATS_TEST_DESCRIPTION: /" < "$TEST_GPG_OUTPUT_FILE" >&3
@ -287,24 +293,19 @@ function unset_current_state {
echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' final output: /" >&3
fi
rm "$TEST_GPG_OUTPUT_FILE"
## old code to remove tmp gpg homedir: TODO: remove.
#find "$TEST_GPG_HOMEDIR" \
# -regex ".*\/random_seed\|.*\.gpg\|.*\.kbx.?\|.*private-keys.*\|.*test_sub_dir\|.*S.gpg-agent\|.*file_to_hide.*" \
# -exec rm -rf {} +
rm -f "$TEST_GPG_OUTPUT_FILE"
# new code to remove temporary gpg homedir artifacts.
# new code to remove temporary gpg homedir artifacts.
# For #360, 'find and rm only relevant files when test fails'.
# ${VAR:?} will cause command to fail if VAR is 0 length, as per shellcheck SC2115
rm -vrf "${TEST_GPG_HOMEDIR:?}/private-keys*" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/*.kbx" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/*.kbx~" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/*.gpg" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_DEFAULT_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_SECOND_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_THIRD_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_DEFAULT_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_SECOND_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_THIRD_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
# return to the base dir:
cd "$SECRET_PROJECT_ROOT" || exit 1
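Review bot: The cleanup lines `rm -vrf "${TEST_GPG_HOMEDIR:?}/private-keys*"`, `.../*.kbx"`, `.../*.kbx~"` and `.../*.gpg"` in `unset_current_state` keep the wildcard inside the double quotes, so `rm` receives a literal `*` and `-f` hides the miss; the fixture private keys and keyrings are then most likely left behind in `$BATS_TMPDIR` after every test. Move the glob outside the quotes, e.g. `rm -vrf "${TEST_GPG_HOMEDIR:?}"/private-keys* 2>&1 | sed 's/^/# unset_current_state: rm /'`. In the earlier hunk, if `: "${SECRETS_GPG_COMMAND:='gpg'}"` is the new side, note that single quotes inside a double-quoted expansion are literal in bash, so the default would become `'gpg'` including the quotes and `$GPGTEST` would fail to resolve the command whenever the variable is unset; the `:="gpg"` form does not have that problem. The body of `unset_current_state` starts and continues outside these hunks.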

@ -28,7 +28,7 @@ function teardown {
@test "run 'cat' with password argument" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
[ "$status" -eq 0 ]
@ -38,11 +38,12 @@ function teardown {
@test "run 'cat' with password argument and SECRETS_VERBOSE=1" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
SECRETS_VERBOSE=1 run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
SECRETS_VERBOSE=1 run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
[ "$status" -eq 0 ]
# $output _contains_ the output from 'git secret cat', may have extra output from gpg
# $output _contains_ the output from 'git secret cat',
# may have extra output from gpg
[[ "$output" == *"$FILE_CONTENTS"* ]]
}
@ -52,7 +53,7 @@ function teardown {
}
@test "run 'cat' with bad arg" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret cat -Z -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
run git secret cat -Z -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
[ "$status" -ne 0 ]
}

@ -31,6 +31,7 @@ function teardown {
unset_current_state
}
@test "run 'changes' on one file with no file changed" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
@ -61,6 +62,7 @@ function teardown {
}
@test "run 'changes' with source file missing" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
rm "$FILE_TO_HIDE" || _abort "error removing: $FILE_TO_HIDE"
@ -69,6 +71,7 @@ function teardown {
[ "$status" -ne 0 ]
}
@test "run 'changes' with hidden file missing" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -104,7 +107,7 @@ function teardown {
[ "$status" -eq 0 ]
local num_lines=$(echo "$output" | wc -l)
[[ "$num_lines" -eq 2 ]]
[[ "$num_lines" -eq 2 ]]
}
@ -152,17 +155,25 @@ function teardown {
[[ "$output" == *"+$second_new_content"* ]]
}
@test "run 'changes' on file that does not exist" {
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_NON_EXISTENT"
run git secret changes \
-d "$TEST_GPG_HOMEDIR" \
-p "$password" \
"$FILE_NON_EXISTENT"
[ "$status" -ne 0 ]
}
@test "run 'changes' on one file without newlines" {
set_state_secret_add_without_newline "$THIRD_FILE_TO_HIDE" "$FILE_CONTENTS"
set_state_secret_hide
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$THIRD_FILE_TO_HIDE"
run git secret changes \
-d "$TEST_GPG_HOMEDIR" \
-p "$password" \
"$THIRD_FILE_TO_HIDE"
[ "$status" -eq 0 ]
local num_lines=$(echo "$output" | wc -l)
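Review bot: The test `run 'changes' on file that does not exist` passes `-p "$password"` but never assigns `password` in its body, whereas the neighbouring tests set it with `local password=$(test_user_password "$TEST_DEFAULT_USER")`; unless `setup` (outside this hunk) provides it, the option receives an empty string. The `[ "$status" -ne 0 ]` assertion can then pass because of the empty password rather than because the file is missing. Add `local password` and `password=$(test_user_password "$TEST_DEFAULT_USER")` at the top of the test so the failure is attributable to `$FILE_NON_EXISTENT`.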

@ -4,6 +4,7 @@ export TZ="GMT"
load _test_base
function setup {
install_fixture_key "$TEST_EXPIRED_USER"
@ -13,22 +14,25 @@ function setup {
set_state_secret_tell "$TEST_EXPIRED_USER"
}
function teardown {
uninstall_fixture_key "$TEST_EXPIRED_USER"
unset_current_state
}
@test "run 'hide' using expired key" {
FILE_TO_HIDE="$TEST_DEFAULT_FILENAME"
FILE_CONTENTS="hidden content юникод"
set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS"
run git secret hide
run git secret hide
# this will fail, because we're using an expired key
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# output will look like 'abort: problem encrypting file with gpg: exit code 2: space file'
#echo "# status of hide: $status" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# output will look like:
# 'abort: problem encrypting file with gpg: exit code 2: space file'
# echo "# status of hide: $status" >&3
[ $status -ne 0 ] # we expect failure here. Actual code is 2
}
@ -36,7 +40,7 @@ function teardown {
@test "run 'whoknows' using expired key" {
run git secret whoknows
[ $status -eq 0 ]
[ $status -eq 0 ]
}
@test "run 'whoknows -l' on only expired user" {
@ -44,17 +48,16 @@ function teardown {
[ "$status" -eq 0 ]
# diag output for bats-core
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# output should look like 'abort: problem encrypting file with gpg: exit code 2: space file'
#echo "# $BATS_TEST_DESCRIPTION: $status" >&3
# echo "# $BATS_TEST_DESCRIPTION: $status" >&3
# Now test the output, both users should be present:
[[ "$output" == *"$TEST_EXPIRED_USER (expires: 2018-09-23)"* ]]
}
@test "run 'whoknows -l' on normal key and expired key" {
install_fixture_key "$TEST_DEFAULT_USER"
set_state_secret_tell "$TEST_DEFAULT_USER"
@ -70,8 +73,3 @@ function teardown {
uninstall_fixture_key "$TEST_DEFAULT_USER"
}
function teardown {
uninstall_fixture_key "$TEST_EXPIRED_USER"
unset_current_state
}
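Review bot: `[ $status -ne 0 ]` in the `hide` test and `[ $status -eq 0 ]` in the `whoknows` test leave `$status` unquoted while the other assertions in this file use `[ "$status" -eq 0 ]`; since the second line is touched here anyway, quote both. The comment `# Now test the output, both users should be present:` in `run 'whoknows -l' on only expired user` is followed by a check for `$TEST_EXPIRED_USER` alone, and the `abort: problem encrypting file with gpg` comment above it describes `hide` output rather than `whoknows`; reword or drop both so the test documents what it asserts.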

@ -28,7 +28,7 @@ function teardown {
@test "run 'hide' normally" {
run git secret hide
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
@ -39,31 +39,35 @@ function teardown {
[ -f "$encrypted_file" ]
}
@test "run 'hide' with extra filename" {
run git secret hide extra_filename
[ "$status" -ne 0 ]
}
@test "run 'hide' with bad arg" {
run git secret hide -Z
[ "$status" -ne 0 ]
}
@test "run 'hide' normally with SECRETS_VERBOSE=1" {
SECRETS_VERBOSE=1 run git secret hide
SECRETS_VERBOSE=1 run git secret hide
# Command must execute normally.
# Command must execute normally.
[ "$status" -eq 0 ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
}
@test "run 'hide' with '-P'" {
# attempt to alter permissions on input file
chmod o-rwx "$FILE_TO_HIDE"
run git secret hide -P
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
@ -75,15 +79,15 @@ function teardown {
## permissions should match.
local secret_perm
local file_perm
local file_perm
file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE")
secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$encrypted_file")
#echo "# '$BATS_TEST_DESCRIPTION': $secret_perm, file_perm: $file_perm" >&3
# echo "# '$BATS_TEST_DESCRIPTION': $secret_perm, file_perm: $file_perm" >&3
[ "$secret_perm" = "$file_perm" ]
}
@test "run 'hide' from inside subdirectory" {
@test "run 'hide' from inside subdirectory" {
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
# See #334 for more about this
skip "this test is skipped while 'git commit'"
@ -111,6 +115,7 @@ function teardown {
rm -rf "$root_dir"
}
@test "run 'hide' with missing file" {
# Preparations:
local second_file="$TEST_SECOND_FILENAME"
@ -149,7 +154,8 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
# git secret hide -m: uses temp file so cleaning should take place,
# but we only show tmp file cleanup in VERBOSE mode
[ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
# New files should be created:
@ -163,11 +169,12 @@ function teardown {
path_mappings=$(_get_secrets_dir_paths_mapping)
run git secret hide -m
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
# git secret hide -m: uses temp file so cleaning should take place,
# but we only show tmp file cleanup in VERBOSE mode
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# back path mappings
@ -177,8 +184,9 @@ function teardown {
# compare
[ "$status" -eq 0 ]
[[ "${#lines[@]}" -eq 1 ]]
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
# output says 0 of 1 files are hidden because checksum didn't change
# and we didn't need to hide it again.
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"
@ -198,7 +206,8 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
# git secret hide -m: uses temp file so cleaning should take place,
# but we only show tmp file cleanup in VERBOSE mode
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# back path mappings
@ -208,8 +217,9 @@ function teardown {
# compare
[ "$status" -eq 0 ]
[[ "${#lines[@]}" -eq 1 ]]
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
# output says 0 of 1 files are hidden because checksum didn't change
# and we didn't need to hide it again.
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"

@ -32,7 +32,7 @@ function teardown {
mv "$FILE_TO_HIDE" "$FILE_TO_HIDE.was" # move the first file out of the way
run git secret hide -F
#echo "# output of 'git secret hide -F' is: $output" >&3
# echo "# output of 'git secret hide -F' is: $output" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
@ -48,4 +48,3 @@ function teardown {
# put back first file so teardown() succeeds
mv "$FILE_TO_HIDE.was" "$FILE_TO_HIDE"
}

@ -15,7 +15,7 @@ function teardown {
@test "secrets dir env var set as expected" {
_TEST_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}
_TEST_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}
[ "${_TEST_SECRETS_DIR}" = "${_SECRETS_DIR}" ]
}
@ -41,6 +41,7 @@ function teardown {
[ "$status" -ne 0 ]
}
@test "run 'init' with bad arg" {
run git secret init -Z
[ "$status" -ne 0 ]

@ -77,9 +77,9 @@ function teardown {
[ "$status" -eq 1 ]
}
@test "run 'killperson' with bad arg" {
local email="$TEST_DEFAULT_USER"
run git secret killperson -Z "$email"
[ "$status" -ne 0 ]
}

@ -31,16 +31,19 @@ function teardown {
[ "$output" = "$FILE_TO_HIDE" ]
}
@test "run 'list' with extra filename" {
run git secret list extra_filename
[ "$status" -ne 0 ]
}
@test "run 'list' with bad arg" {
run git secret list -Z
[ "$status" -ne 0 ]
}
@test "run 'list' with multiple files" {
# Preparations:
local second_file="second_file.txt"

@ -4,17 +4,14 @@
INSTALL_BASE="${TMPDIR}/git-secret-test-install"
@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
rm -f "${INSTALL_BASE}/usr/bin/git-secret"
cd $SECRET_PROJECT_ROOT
cd $SECRET_PROJECT_ROOT
# set DESTDIR for this command and 'run' make install
DESTDIR="${INSTALL_BASE}" run make install
[ -x "${INSTALL_BASE}/usr/bin/git-secret" ]
rm -rf "${INSTALL_BASE}"
}
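Review bot: `INSTALL_BASE="${TMPDIR}/git-secret-test-install"` expands to `/git-secret-test-install` when `TMPDIR` is unset, which is likely inside the container images this commit adds, so `make install` and the final `rm -rf "${INSTALL_BASE}"` would then operate directly under `/`. Base it on the directory bats already provides, `INSTALL_BASE="${BATS_TMPDIR:?}/git-secret-test-install"`, or at least use `${TMPDIR:?}` so an unset value aborts instead. `cd $SECRET_PROJECT_ROOT` should also be quoted and checked, `cd "$SECRET_PROJECT_ROOT" || exit 1`, as the cleanup helper in this commit does. The status of `run make install` is never asserted; adding `[ "$status" -eq 0 ]` before the `-x` check would separate an install failure from a wrong install path.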

@ -1,7 +1,8 @@
#!/usr/bin/env bats
## this tests using TEST_NONAME_USER, which has a email but no username.
# This test is copied from the start of test_remove.bats, and exercises an add and a remove.
# These tests using TEST_NONAME_USER, which has a email but no username.
# This test is copied from the start of test_remove.bats,
# and exercises an add and a remove.
load _test_base

@ -127,9 +127,9 @@ function _has_line {
[ ! -f "$second_encrypted_file" ]
}
@test "run 'remove' with bad arg" {
set_state_secret_hide
run git secret remove -Z "$SECOND_FILE"
[ "$status" -ne 0 ]
}

@ -43,6 +43,7 @@ function teardown {
rm "${FILE_TO_HIDE}2"
}
@test "run 'reveal' with bad arg" {
cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
rm -f "$FILE_TO_HIDE"
@ -52,12 +53,14 @@ function teardown {
[ "$status" -ne 0 ]
}
@test "run 'reveal' on secret version of file" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE$SECRETS_EXTENSION"
[ "$status" -ne 0 ]
}
@test "run 'reveal' with '-f'" {
rm "$FILE_TO_HIDE"
@ -68,6 +71,7 @@ function teardown {
[ -f "$FILE_TO_HIDE" ]
}
@test "run 'reveal' with '-v'" {
rm "$FILE_TO_HIDE"
@ -96,12 +100,13 @@ function teardown {
local file_perm
file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE")
secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE$SECRETS_EXTENSION")
#echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3
#echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3
[ "$secret_perm" = "$file_perm" ]
[ -f "$FILE_TO_HIDE" ]
}
@test "run 'reveal' with wrong password" {
rm "$FILE_TO_HIDE"
@ -111,7 +116,6 @@ function teardown {
}
@test "run 'reveal' for attacker" {
# Preparations
rm "$FILE_TO_HIDE"
@ -129,6 +133,7 @@ function teardown {
uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$attacker_fingerprint"
}
@test "run 'reveal' for attacker with -F (force)" {
# Preparations
rm "$FILE_TO_HIDE"
@ -144,13 +149,13 @@ function teardown {
[ "$status" -eq 0 ]
[ ! -f "$FILE_TO_HIDE" ]
touch "$FILE_TO_HIDE" #create this file so uninstall below works
# Cleaning up:
uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$attacker_fingerprint"
}
@test "run 'reveal' for multiple users (with key deletion)" {
# Preparations:
local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
@ -191,14 +196,18 @@ function teardown {
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
}
@test "run 'reveal' with SECRETS_PINENTRY=loopback" {
rm -f "$FILE_TO_HIDE"
local password=$(test_user_password "$TEST_DEFAULT_USER")
SECRETS_PINENTRY=loopback run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
SECRETS_PINENTRY=loopback run git secret reveal \
-d "$TEST_GPG_HOMEDIR" \
-p "$password"
[ "$status" -eq 0 ]
}
@test "run 'reveal' with SECRETS_PINENTRY=error" {
if [[ "$GPG_VER_MIN_21" -ne 1 ]]; then
skip "this test is skipped on gpg before version 2.1"
@ -207,6 +216,8 @@ function teardown {
rm -f "$FILE_TO_HIDE"
local password=$(test_user_password "$TEST_DEFAULT_USER")
SECRETS_PINENTRY=error run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
SECRETS_PINENTRY=error run git secret reveal \
-d "$TEST_GPG_HOMEDIR" \
-p "$password"
[ "$status" -ne 0 ]
}

@ -17,9 +17,10 @@ function teardown {
unset_current_state
}
@test "run 'tell' with '-v'" {
run git secret tell -d "$TEST_GPG_HOMEDIR" -v "$TEST_DEFAULT_USER"
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
[[ "$output" == *"created"* ]]
[[ "$output" == *"gpg:"* ]]
@ -27,27 +28,30 @@ function teardown {
[ "$status" -eq 0 ]
}
@test "run 'tell' without '-v'" {
run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
[[ "$output" != *"imported:"* ]]
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
[ "$status" -eq 0 ]
}
@test "run 'tell' on substring of emails" {
run git secret tell -d "$TEST_GPG_HOMEDIR" user
# this should give an error because there is no user named 'user',
# this should give an error because there is no user named 'user',
# even though there are users with the substring 'user'.
# See issue https://github.com/sobolevn/git-secret/issues/176
# See issue https://github.com/sobolevn/git-secret/issues/176
[ "$status" -eq 1 ]
run git secret whoknows
run git secret whoknows
[ "$status" -eq 1 ] # should error when there are no users told
}
@test "run 'tell' on the same email twice" {
# first time should succeed
git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
@ -57,6 +61,7 @@ function teardown {
[ "$status" -ne 0 ]
}
@test "fail on no users" {
run _user_required
[ "$status" -eq 1 ]
@ -108,6 +113,7 @@ function teardown {
[ "$status" -eq 1 ]
}
@test "run 'init' with bad arg" {
run git secret tell -Z -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
[ "$status" -ne 0 ]
@ -184,15 +190,16 @@ function teardown {
[[ "$output" != *"$TEST_NOEMAIL_COMMENT_USER"* ]]
# Cleaning up: can't clean up by email
#uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER"
# Cleaning up: can't clean up by email
# uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER"
}
@test "run 'tell' on non-email" {
install_fixture_key "$TEST_NOEMAIL_COMMENT_USER"
local name=$(echo "$TEST_NOEMAIL_COMMENT_USER" | sed -e 's/@.*//')
#echo "$name" | sed "s/^/# '$BATS_TEST_DESCRIPTION' name is: /" >&3
# echo "$name" | sed "s/^/# '$BATS_TEST_DESCRIPTION' name is: /" >&3
# Testing the command itself, should fail because you must use email
run git secret tell -d "$TEST_GPG_HOMEDIR" "$name"
@ -207,7 +214,7 @@ function teardown {
[[ "$output" != *"$name"* ]]
# Cleaning up: can't clean up by email because key doesn't hold it
#uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER"
# uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER"
}
@test "run 'tell' in subfolder" {
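Review bot: The test named `run 'init' with bad arg` in this file actually runs `git secret tell -Z -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"`, and the same name is used by the init tests elsewhere in this commit, so a failure report would point at the wrong command. Rename it to `@test "run 'tell' with bad arg" {` while the surrounding lines are being touched.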

@ -29,17 +29,17 @@ function teardown {
}
#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}
#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}
@test "run 'usage' with ignored '${_SECRETS_DIR}'" {
echo "${_SECRETS_DIR}" >> ".gitignore"
# below shows how to send 'diagnostic' messages to bats-core.
#echo "# clear-line-output" >&3
#echo "# SECRETS_DIR is ${_SECRETS_DIR}" >&3
# echo "# clear-line-output" >&3
# echo "# SECRETS_DIR is ${_SECRETS_DIR}" >&3
# It's ok for 'usage' to succeed when the .gitsecret directory is ignored, but it doesn't
run git secret usage
#echo "# git secret usage -> status $status" >&3
# echo "# git secret usage -> status $status" >&3
[ "$status" -eq 1 ]
}

@ -45,8 +45,9 @@ function teardown {
run git secret whoknows -l
[ "$status" -eq 0 ]
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# output should look like 'abort: problem encrypting file with gpg: exit code 2: space file'
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# output should look like
# 'abort: problem encrypting file with gpg: exit code 2: space file'
#echo "# '$BATS_TEST_DESCRIPTION' status: $status" >&3
# Now test the output, both users should be present and without expiration
