From 22d994c372711fb607c0cdcce40d6a5c1f7fcc12 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Mon, 3 May 2021 14:43:02 +0300 Subject: [PATCH] Adds alpine tests --- .ci/before_script.sh | 1 - .ci/docker/alpine/Dockerfile | 16 ++++++++++++ .ci/docker/debian/Dockerfile | 4 ++- .ci/docker/ubuntu/Dockerfile | 4 ++- tests/_test_base.bash | 49 ++++++++++++++++++----------------- tests/test_cat.bats | 9 ++++--- tests/test_changes.bats | 17 +++++++++--- tests/test_expiration.bats | 26 +++++++++---------- tests/test_hide.bats | 40 +++++++++++++++++----------- tests/test_hide_continue.bats | 3 +-- tests/test_init.bats | 3 ++- tests/test_killperson.bats | 2 +- tests/test_list.bats | 3 +++ tests/test_make_install.bats | 7 ++--- tests/test_noname.bats | 5 ++-- tests/test_remove.bats | 2 +- tests/test_reveal.bats | 21 +++++++++++---- tests/test_tell.bats | 27 ++++++++++++------- tests/test_usage.bats | 10 +++---- tests/test_whoknows.bats | 5 ++-- 20 files changed, 157 insertions(+), 97 deletions(-) create mode 100644 .ci/docker/alpine/Dockerfile diff --git a/.ci/before_script.sh b/.ci/before_script.sh index 36c0e947..a4301031 100644 --- a/.ci/before_script.sh +++ b/.ci/before_script.sh @@ -19,4 +19,3 @@ fi if [[ "$GITSECRET_DIST" == "windows" ]]; then choco install make shellcheck -y fi - diff --git a/.ci/docker/alpine/Dockerfile b/.ci/docker/alpine/Dockerfile new file mode 100644 index 00000000..b0e62ec8 --- /dev/null +++ b/.ci/docker/alpine/Dockerfile @@ -0,0 +1,16 @@ +FROM alpine:3.13 + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +# Don't install coreutils on Alpine, +# so we get busybox versions of ps, stat, and ls. See #475 +RUN apk add --no-cache --update \ + # Direct dependencies: + bash \ + gawk \ + git \ + gnupg \ + # Assumed to be present: + make \ + procps diff --git a/.ci/docker/debian/Dockerfile b/.ci/docker/debian/Dockerfile index 761c02fc..66e20edc 100644 --- a/.ci/docker/debian/Dockerfile +++ b/.ci/docker/debian/Dockerfile 
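Review bot: The comment above `RUN apk add` in the new Alpine Dockerfile says coreutils is left out so the tests exercise the busybox `ps`, `stat` and `ls`, yet the package list ends with `procps`. As far as I know, Alpine's procps ships its own `ps`, which would shadow the busybox applet. If busybox `ps` is what #475 needs covered, drop `procps` or narrow the comment to `stat` and `ls`. Separately, `--update` is redundant next to `--no-cache`. `FROM alpine:3.13` is also a floating tag, so pinning the base image by digest would keep the CI image reproducible.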
@@ -1,12 +1,14 @@ FROM debian:10.9-slim +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + ENV DEBIAN_FRONTEND="noninteractive" RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y \ # Direct dependencies: - curl \ gawk \ git \ gnupg \ diff --git a/.ci/docker/ubuntu/Dockerfile b/.ci/docker/ubuntu/Dockerfile index 9f3bc71b..a77f3e4e 100644 --- a/.ci/docker/ubuntu/Dockerfile +++ b/.ci/docker/ubuntu/Dockerfile @@ -1,12 +1,14 @@ FROM ubuntu:20.04 +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + ENV DEBIAN_FRONTEND="noninteractive" RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y \ # Direct dependencies: - curl \ gawk \ git \ gnupg \ diff --git a/tests/_test_base.bash b/tests/_test_base.bash index 7eae09f0..671b95e1 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -16,10 +16,13 @@ FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" TEST_GPG_HOMEDIR="$BATS_TMPDIR" -# TODO: factor out tempdir creation. On osx TEST_GPG_OUTPUT_FILE, still has 'XXXXXX's, like +# TODO: factor out tempdir creation. +# On osx TEST_GPG_OUTPUT_FILE, still has 'XXXXXX's, like # /var/folders/mm/_f0j67x10l92b4zznyx4ylzh00017w/T/gitsecret_output.XXXXXX.RaqyGYqL -TEST_GPG_OUTPUT_FILE=$(TMPDIR="$BATS_TMPDIR" mktemp -t 'gitsecret_output.XXXXXX') -#echo "# TEST_GPG_OUTPUT_FILE=$TEST_GPG_OUTPUT_FILE" >&3 +TEST_GPG_OUTPUT_FILE=$( + TMPDIR="$BATS_TMPDIR" mktemp -t 'gitsecret_output.XXXXXX' +) + # shellcheck disable=SC2016 AWK_GPG_GET_FP=' 
@@ -34,25 +37,29 @@ BEGIN { OFS=":"; FS=":"; } ' # GPG-based stuff: -: "${SECRETS_GPG_COMMAND:="gpg"}" +: "${SECRETS_GPG_COMMAND:='gpg'}" # This command is used with absolute homedir set and disabled warnings: GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning --batch" # Test key fixture data. Fixtures are at tests/fixtures/gpg/$email -# See tests/fixtures/gpg/README.md for more on key fixtures 'user[1-5]@gitsecret.io' -# these two are 'normal' keys. +# See tests/fixtures/gpg/README.md for more +# on key fixtures 'user[1-5]@gitsecret.io' +# these two are 'normal' keys. export TEST_DEFAULT_USER="user1@gitsecret.io" export TEST_SECOND_USER="user2@gitsecret.io" -# TEST_NONAME_USER (user3) created with '--quick-key-generate' and has only an email, no username. +# TEST_NONAME_USER (user3) created with '--quick-key-generate' +# and has only an email, no username. export TEST_NONAME_USER="user3@gitsecret.io" # TEST_EXPIRED_USER (user4) has expired export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24 -export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io" # fixture filename is named this, but key has no email and a comment, as per #527 +# fixture filename is named this, +# but key has no email and a comment, as per #527 +export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io" export TEST_ATTACKER_USER="attacker1@gitsecret.io" @@ -65,13 +72,12 @@ export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special function test_user_password { # Password for 'user3@gitsecret.io' is 'user3pass' - # As it was set on key creation. + # As it was set on key creation. # shellcheck disable=SC2001 - echo "$1" | sed -e 's/@.*/pass/' + echo "$1" | sed -e 's/@.*/pass/' } - # GPG: function stop_gpg_agent { 
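Review bot: In `: "${SECRETS_GPG_COMMAND:='gpg'}"` the single quotes sit inside a double-quoted expansion, where bash keeps them as literal characters, so when the variable is unset the default becomes `'gpg'` with the quotes included. `GPGTEST` on the following line is built from that value, and if it is later expanded unquoted into a command (its use is outside this hunk), the first word would be `'gpg'` rather than `gpg`. Keep the previous form `: "${SECRETS_GPG_COMMAND:="gpg"}"`, or drop the inner quotes: `: "${SECRETS_GPG_COMMAND:=gpg}"`. CI will not catch this if SECRETS_GPG_COMMAND is always exported before the tests run.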
@@ -126,7 +132,7 @@ function install_fixture_key { function install_fixture_full_key { local private_key="$BATS_TMPDIR/private-${1}.key" local gpgtest_prefix - gpgtest_prefix=$(get_gpgtest_prefix "$1") + gpgtest_prefix=$(get_gpgtest_prefix "$1") local gpgtest_import="$gpgtest_prefix $GPGTEST" local email local fingerprint @@ -278,7 +284,7 @@ function unset_current_state { stop_gpg_agent # SECRETS_TEST_VERBOSE is experimental - if [[ -n "$SECRETS_TEST_VERBOSE" ]]; then + if [[ -n "$SECRETS_TEST_VERBOSE" ]]; then # display the captured output as bats diagnostic (fd3, preceded by '# ') sed "s/^/# $BATS_TEST_DESCRIPTION: /" < "$TEST_GPG_OUTPUT_FILE" >&3 
@@ -287,24 +293,19 @@ function unset_current_state { echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' final output: /" >&3 fi - rm "$TEST_GPG_OUTPUT_FILE" - - ## old code to remove tmp gpg homedir: TODO: remove. - #find "$TEST_GPG_HOMEDIR" \ - # -regex ".*\/random_seed\|.*\.gpg\|.*\.kbx.?\|.*private-keys.*\|.*test_sub_dir\|.*S.gpg-agent\|.*file_to_hide.*" \ - # -exec rm -rf {} + + rm -f "$TEST_GPG_OUTPUT_FILE" - # new code to remove temporary gpg homedir artifacts. + # new code to remove temporary gpg homedir artifacts. # For #360, 'find and rm only relevant files when test fails'. # ${VAR:?} will cause command to fail if VAR is 0 length, as per shellcheck SC2115 rm -vrf "${TEST_GPG_HOMEDIR:?}/private-keys*" 2>&1 | sed 's/^/# unset_current_state: rm /' rm -vrf "${TEST_GPG_HOMEDIR:?}/*.kbx" 2>&1 | sed 's/^/# unset_current_state: rm /' rm -vrf "${TEST_GPG_HOMEDIR:?}/*.kbx~" 2>&1 | sed 's/^/# unset_current_state: rm /' rm -vrf "${TEST_GPG_HOMEDIR:?}/*.gpg" 2>&1 | sed 's/^/# unset_current_state: rm /' - rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_DEFAULT_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' - rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_SECOND_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' - rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_THIRD_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' - rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' + rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_DEFAULT_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' + rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_SECOND_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' + rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_THIRD_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' + rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' # return to the base dir: cd "$SECRET_PROJECT_ROOT" || exit 1 diff --git a/tests/test_cat.bats b/tests/test_cat.bats index ab73c1ac..30baf01e 100644 
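Review bot: The pattern-based cleanup lines in `unset_current_state`, e.g. `rm -vrf "${TEST_GPG_HOMEDIR:?}/private-keys*"`, keep the `*` inside the double quotes, so no glob expansion happens and `rm -f` silently succeeds on a literal name that does not exist. The fixture private keys and the `*.kbx`, `*.kbx~` and `*.gpg` files therefore stay behind in `$TEST_GPG_HOMEDIR` (set to `$BATS_TMPDIR` earlier in this file) after each test. Move the pattern outside the quotes, `rm -vrf "${TEST_GPG_HOMEDIR:?}"/private-keys*`, and likewise for the other three lines. The function body starts and ends outside this hunk.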
--- a/tests/test_cat.bats +++ b/tests/test_cat.bats @@ -28,7 +28,7 @@ function teardown { @test "run 'cat' with password argument" { local password=$(test_user_password "$TEST_DEFAULT_USER") - run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" + run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" [ "$status" -eq 0 ] @@ -38,11 +38,12 @@ function teardown { @test "run 'cat' with password argument and SECRETS_VERBOSE=1" { local password=$(test_user_password "$TEST_DEFAULT_USER") - SECRETS_VERBOSE=1 run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" + SECRETS_VERBOSE=1 run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" [ "$status" -eq 0 ] - # $output _contains_ the output from 'git secret cat', may have extra output from gpg + # $output _contains_ the output from 'git secret cat', + # may have extra output from gpg [[ "$output" == *"$FILE_CONTENTS"* ]] } @@ -52,7 +53,7 @@ function teardown { } @test "run 'cat' with bad arg" { local password=$(test_user_password "$TEST_DEFAULT_USER") - run git secret cat -Z -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" + run git secret cat -Z -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" [ "$status" -ne 0 ] } diff --git a/tests/test_changes.bats b/tests/test_changes.bats index 65b08063..8c8322bf 100644 --- a/tests/test_changes.bats +++ b/tests/test_changes.bats @@ -31,6 +31,7 @@ function teardown { unset_current_state } + @test "run 'changes' on one file with no file changed" { local password=$(test_user_password "$TEST_DEFAULT_USER") run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" @@ -61,6 +62,7 @@ function teardown { } + @test "run 'changes' with source file missing" { local password=$(test_user_password "$TEST_DEFAULT_USER") rm "$FILE_TO_HIDE" || _abort "error removing: $FILE_TO_HIDE" 
@@ -69,6 +71,7 @@ function teardown { [ "$status" -ne 0 ] } + @test "run 'changes' with hidden file missing" { local password=$(test_user_password "$TEST_DEFAULT_USER") local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") @@ -104,7 +107,7 @@ function teardown { [ "$status" -eq 0 ] local num_lines=$(echo "$output" | wc -l) - [[ "$num_lines" -eq 2 ]] + [[ "$num_lines" -eq 2 ]] } @@ -152,17 +155,25 @@ function teardown { [[ "$output" == *"+$second_new_content"* ]] } + @test "run 'changes' on file that does not exist" { - run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_NON_EXISTENT" + run git secret changes \ + -d "$TEST_GPG_HOMEDIR" \ + -p "$password" \ + "$FILE_NON_EXISTENT" [ "$status" -ne 0 ] } + @test "run 'changes' on one file without newlines" { set_state_secret_add_without_newline "$THIRD_FILE_TO_HIDE" "$FILE_CONTENTS" set_state_secret_hide local password=$(test_user_password "$TEST_DEFAULT_USER") - run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$THIRD_FILE_TO_HIDE" + run git secret changes \ + -d "$TEST_GPG_HOMEDIR" \ + -p "$password" \ + "$THIRD_FILE_TO_HIDE" [ "$status" -eq 0 ] local num_lines=$(echo "$output" | wc -l) diff --git a/tests/test_expiration.bats b/tests/test_expiration.bats index 8a387cbe..a99d37c4 100644 --- a/tests/test_expiration.bats +++ b/tests/test_expiration.bats @@ -4,6 +4,7 @@ export TZ="GMT" load _test_base + function setup { install_fixture_key "$TEST_EXPIRED_USER" 
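Review bot: The test "run 'changes' on file that does not exist" passes `-p "$password"` but, unlike the tests around it, never assigns `password` in its body. Unless the variable is set somewhere outside the lines shown, the command runs with an empty passphrase. The `[ "$status" -ne 0 ]` assertion can then pass because of the empty passphrase rather than the missing file. Add `local password=$(test_user_password "$TEST_DEFAULT_USER")` as the first line of the test, as the following test does.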
@@ -13,22 +14,25 @@ function setup { set_state_secret_tell "$TEST_EXPIRED_USER" } + function teardown { uninstall_fixture_key "$TEST_EXPIRED_USER" unset_current_state } + @test "run 'hide' using expired key" { FILE_TO_HIDE="$TEST_DEFAULT_FILENAME" FILE_CONTENTS="hidden content юникод" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" - run git secret hide + run git secret hide # this will fail, because we're using an expired key - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 - # output will look like 'abort: problem encrypting file with gpg: exit code 2: space file' - #echo "# status of hide: $status" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # output will look like: + # 'abort: problem encrypting file with gpg: exit code 2: space file' + # echo "# status of hide: $status" >&3 [ $status -ne 0 ] # we expect failure here. Actual code is 2 } @@ -36,7 +40,7 @@ function teardown { @test "run 'whoknows' using expired key" { run git secret whoknows - [ $status -eq 0 ] + [ $status -eq 0 ] } @test "run 'whoknows -l' on only expired user" { @@ -44,17 +48,16 @@ function teardown { [ "$status" -eq 0 ] # diag output for bats-core - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 # output should look like 'abort: problem encrypting file with gpg: exit code 2: space file' - - #echo "# $BATS_TEST_DESCRIPTION: $status" >&3 + + # echo "# $BATS_TEST_DESCRIPTION: $status" >&3 # Now test the output, both users should be present: [[ "$output" == *"$TEST_EXPIRED_USER (expires: 2018-09-23)"* ]] } - @test "run 'whoknows -l' on normal key and expired key" { install_fixture_key "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER" @@ -70,8 +73,3 @@ function teardown { uninstall_fixture_key "$TEST_DEFAULT_USER" } - -function teardown { - uninstall_fixture_key "$TEST_EXPIRED_USER" - unset_current_state -} 
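Review bot: In "run 'whoknows -l' on only expired user" the comment `# output should look like 'abort: problem encrypting file with gpg: exit code 2: space file'` is kept, but the test asserts `[ "$status" -eq 0 ]` and matches an expiry string. The comment describes the failing `hide` case, not this command. The following comment, "both users should be present", also does not fit a test that tells only the expired user. Replace them with something like `# output should list the expired user together with its expiry date`. The same stale 'abort' comment is reflowed in the tests/test_whoknows.bats hunk.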
diff --git a/tests/test_hide.bats b/tests/test_hide.bats index 087aec3c..4a5a9f14 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -28,7 +28,7 @@ function teardown { @test "run 'hide' normally" { run git secret hide - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 # Command must execute normally: [ "$status" -eq 0 ] @@ -39,31 +39,35 @@ function teardown { [ -f "$encrypted_file" ] } + @test "run 'hide' with extra filename" { run git secret hide extra_filename [ "$status" -ne 0 ] } + @test "run 'hide' with bad arg" { run git secret hide -Z [ "$status" -ne 0 ] } + @test "run 'hide' normally with SECRETS_VERBOSE=1" { - SECRETS_VERBOSE=1 run git secret hide + SECRETS_VERBOSE=1 run git secret hide - # Command must execute normally. + # Command must execute normally. [ "$status" -eq 0 ] [[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]] } + @test "run 'hide' with '-P'" { # attempt to alter permissions on input file chmod o-rwx "$FILE_TO_HIDE" run git secret hide -P - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 # Command must execute normally: [ "$status" -eq 0 ] @@ -75,15 +79,15 @@ function teardown { ## permissions should match. local secret_perm - local file_perm + local file_perm file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE") secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$encrypted_file") - #echo "# '$BATS_TEST_DESCRIPTION': $secret_perm, file_perm: $file_perm" >&3 + # echo "# '$BATS_TEST_DESCRIPTION': $secret_perm, file_perm: $file_perm" >&3 [ "$secret_perm" = "$file_perm" ] } -@test "run 'hide' from inside subdirectory" { +@test "run 'hide' from inside subdirectory" { if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then # See #334 for more about this skip "this test is skipped while 'git commit'" 
@@ -111,6 +115,7 @@ function teardown { rm -rf "$root_dir" } + @test "run 'hide' with missing file" { # Preparations: local second_file="$TEST_SECOND_FILENAME" @@ -149,7 +154,8 @@ function teardown { # Command must execute normally: [ "$status" -eq 0 ] - # git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode + # git secret hide -m: uses temp file so cleaning should take place, + # but we only show tmp file cleanup in VERBOSE mode [ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ] # New files should be created: @@ -163,11 +169,12 @@ function teardown { path_mappings=$(_get_secrets_dir_paths_mapping) run git secret hide -m - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 # Command must execute normally: [ "$status" -eq 0 ] - # git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode + # git secret hide -m: uses temp file so cleaning should take place, + # but we only show tmp file cleanup in VERBOSE mode [[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]] # back path mappings @@ -177,8 +184,9 @@ function teardown { # compare [ "$status" -eq 0 ] [[ "${#lines[@]}" -eq 1 ]] - - # output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again. + + # output says 0 of 1 files are hidden because checksum didn't change + # and we didn't need to hide it again. [[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]] # no changes should occur to path_mappings files cmp -s "${path_mappings}" "${path_mappings}.bak" 
@@ -198,7 +206,8 @@ function teardown { # Command must execute normally: [ "$status" -eq 0 ] - # git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode + # git secret hide -m: uses temp file so cleaning should take place, + # but we only show tmp file cleanup in VERBOSE mode [[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]] # back path mappings @@ -208,8 +217,9 @@ function teardown { # compare [ "$status" -eq 0 ] [[ "${#lines[@]}" -eq 1 ]] - - # output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again. + + # output says 0 of 1 files are hidden because checksum didn't change + # and we didn't need to hide it again. [[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]] # no changes should occur to path_mappings files cmp -s "${path_mappings}" "${path_mappings}.bak" diff --git a/tests/test_hide_continue.bats b/tests/test_hide_continue.bats index ca9b2dd9..6813f9f7 100644 --- a/tests/test_hide_continue.bats +++ b/tests/test_hide_continue.bats @@ -32,7 +32,7 @@ function teardown { mv "$FILE_TO_HIDE" "$FILE_TO_HIDE.was" # move the first file out of the way run git secret hide -F - #echo "# output of 'git secret hide -F' is: $output" >&3 + # echo "# output of 'git secret hide -F' is: $output" >&3 # Command must execute normally: [ "$status" -eq 0 ] @@ -48,4 +48,3 @@ function teardown { # put back first file so teardown() succeeds mv "$FILE_TO_HIDE.was" "$FILE_TO_HIDE" } - diff --git a/tests/test_init.bats b/tests/test_init.bats index da3e7463..35f7971f 100644 --- a/tests/test_init.bats +++ b/tests/test_init.bats @@ -15,7 +15,7 @@ function teardown { @test "secrets dir env var set as expected" { - _TEST_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} + _TEST_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} [ "${_TEST_SECRETS_DIR}" = "${_SECRETS_DIR}" ] } 
@@ -41,6 +41,7 @@ function teardown { [ "$status" -ne 0 ] } + @test "run 'init' with bad arg" { run git secret init -Z [ "$status" -ne 0 ] diff --git a/tests/test_killperson.bats b/tests/test_killperson.bats index 1771b1e2..7ae27340 100644 --- a/tests/test_killperson.bats +++ b/tests/test_killperson.bats @@ -77,9 +77,9 @@ function teardown { [ "$status" -eq 1 ] } + @test "run 'killperson' with bad arg" { local email="$TEST_DEFAULT_USER" run git secret killperson -Z "$email" [ "$status" -ne 0 ] } - diff --git a/tests/test_list.bats b/tests/test_list.bats index 538472d9..eed89df3 100644 --- a/tests/test_list.bats +++ b/tests/test_list.bats @@ -31,16 +31,19 @@ function teardown { [ "$output" = "$FILE_TO_HIDE" ] } + @test "run 'list' with extra filename" { run git secret list extra_filename [ "$status" -ne 0 ] } + @test "run 'list' with bad arg" { run git secret list -Z [ "$status" -ne 0 ] } + @test "run 'list' with multiple files" { # Preparations: local second_file="second_file.txt" diff --git a/tests/test_make_install.bats b/tests/test_make_install.bats index 81971550..69a3b52d 100644 --- a/tests/test_make_install.bats +++ b/tests/test_make_install.bats @@ -4,17 +4,14 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install" -@test "install git-secret to DESTDIR='$INSTALL_BASE'" { +@test "install git-secret to DESTDIR='$INSTALL_BASE'" { rm -f "${INSTALL_BASE}/usr/bin/git-secret" - - cd $SECRET_PROJECT_ROOT + cd $SECRET_PROJECT_ROOT # set DESTDIR for this command and 'run' make install DESTDIR="${INSTALL_BASE}" run make install [ -x "${INSTALL_BASE}/usr/bin/git-secret" ] - rm -rf "${INSTALL_BASE}" } - diff --git a/tests/test_noname.bats b/tests/test_noname.bats index 60327dac..677d0c21 100644 --- a/tests/test_noname.bats +++ b/tests/test_noname.bats 
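Review bot: In tests/test_make_install.bats, `INSTALL_BASE` is built from `${TMPDIR}` (visible in the hunk header), and nothing checks that TMPDIR is set. If it is empty, which is plausible in the minimal Docker images this commit adds, the test installs into `/git-secret-test-install` at the filesystem root and then runs `rm -rf "${INSTALL_BASE}"` there. Using `"${BATS_TMPDIR}/git-secret-test-install"`, or `${TMPDIR:?}` so the file aborts early, keeps the install inside a temp directory. The re-indented `cd $SECRET_PROJECT_ROOT` is also still unquoted; `cd "$SECRET_PROJECT_ROOT"` matches the form used in `_test_base.bash`.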
@@ -1,7 +1,8 @@ #!/usr/bin/env bats -## this tests using TEST_NONAME_USER, which has a email but no username. -# This test is copied from the start of test_remove.bats, and exercises an add and a remove. +# These tests using TEST_NONAME_USER, which has a email but no username. +# This test is copied from the start of test_remove.bats, +# and exercises an add and a remove. load _test_base diff --git a/tests/test_remove.bats b/tests/test_remove.bats index f58eb8d7..2194a4f1 100644 --- a/tests/test_remove.bats +++ b/tests/test_remove.bats @@ -127,9 +127,9 @@ function _has_line { [ ! -f "$second_encrypted_file" ] } + @test "run 'remove' with bad arg" { set_state_secret_hide run git secret remove -Z "$SECOND_FILE" [ "$status" -ne 0 ] } - diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index a45a3e25..1c352cb5 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -43,6 +43,7 @@ function teardown { rm "${FILE_TO_HIDE}2" } + @test "run 'reveal' with bad arg" { cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" rm -f "$FILE_TO_HIDE" @@ -52,12 +53,14 @@ function teardown { [ "$status" -ne 0 ] } + @test "run 'reveal' on secret version of file" { local password=$(test_user_password "$TEST_DEFAULT_USER") run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE$SECRETS_EXTENSION" [ "$status" -ne 0 ] } + @test "run 'reveal' with '-f'" { rm "$FILE_TO_HIDE" @@ -68,6 +71,7 @@ function teardown { [ -f "$FILE_TO_HIDE" ] } + @test "run 'reveal' with '-v'" { rm "$FILE_TO_HIDE" @@ -96,12 +100,13 @@ function teardown { local file_perm file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE") secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE$SECRETS_EXTENSION") - #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 + #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 [ "$secret_perm" = "$file_perm" ] [ -f "$FILE_TO_HIDE" ] } + @test "run 'reveal' with wrong password" { rm "$FILE_TO_HIDE" 
@@ -111,7 +116,6 @@ function teardown { } - @test "run 'reveal' for attacker" { # Preparations rm "$FILE_TO_HIDE" @@ -129,6 +133,7 @@ function teardown { uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$attacker_fingerprint" } + @test "run 'reveal' for attacker with -F (force)" { # Preparations rm "$FILE_TO_HIDE" @@ -144,13 +149,13 @@ function teardown { [ "$status" -eq 0 ] [ ! -f "$FILE_TO_HIDE" ] - touch "$FILE_TO_HIDE" #create this file so uninstall below works # Cleaning up: uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$attacker_fingerprint" } + @test "run 'reveal' for multiple users (with key deletion)" { # Preparations: local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") @@ -191,14 +196,18 @@ function teardown { uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" } + @test "run 'reveal' with SECRETS_PINENTRY=loopback" { rm -f "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") - SECRETS_PINENTRY=loopback run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + SECRETS_PINENTRY=loopback run git secret reveal \ + -d "$TEST_GPG_HOMEDIR" \ + -p "$password" [ "$status" -eq 0 ] } + @test "run 'reveal' with SECRETS_PINENTRY=error" { if [[ "$GPG_VER_MIN_21" -ne 1 ]]; then skip "this test is skipped on gpg before version 2.1" @@ -207,6 +216,8 @@ function teardown { rm -f "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") - SECRETS_PINENTRY=error run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + SECRETS_PINENTRY=error run git secret reveal \ + -d "$TEST_GPG_HOMEDIR" \ + -p "$password" [ "$status" -ne 0 ] } diff --git a/tests/test_tell.bats b/tests/test_tell.bats index 2aac0f40..f2204b3d 100644 --- a/tests/test_tell.bats +++ b/tests/test_tell.bats 
@@ -17,9 +17,10 @@ function teardown { unset_current_state } + @test "run 'tell' with '-v'" { run git secret tell -d "$TEST_GPG_HOMEDIR" -v "$TEST_DEFAULT_USER" - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 [[ "$output" == *"created"* ]] [[ "$output" == *"gpg:"* ]] @@ -27,27 +28,30 @@ function teardown { [ "$status" -eq 0 ] } + @test "run 'tell' without '-v'" { run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 [[ "$output" != *"imported:"* ]] [[ "$output" == *"$TEST_DEFAULT_USER"* ]] [ "$status" -eq 0 ] } + @test "run 'tell' on substring of emails" { run git secret tell -d "$TEST_GPG_HOMEDIR" user - # this should give an error because there is no user named 'user', + # this should give an error because there is no user named 'user', # even though there are users with the substring 'user'. - # See issue https://github.com/sobolevn/git-secret/issues/176 + # See issue https://github.com/sobolevn/git-secret/issues/176 [ "$status" -eq 1 ] - run git secret whoknows + run git secret whoknows [ "$status" -eq 1 ] # should error when there are no users told - + } + @test "run 'tell' on the same email twice" { # first time should succeed git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" @@ -57,6 +61,7 @@ function teardown { [ "$status" -ne 0 ] } + @test "fail on no users" { run _user_required [ "$status" -eq 1 ] @@ -108,6 +113,7 @@ function teardown { [ "$status" -eq 1 ] } + @test "run 'init' with bad arg" { run git secret tell -Z -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -ne 0 ] 
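Review bot: The test titled `"run 'init' with bad arg"` in tests/test_tell.bats actually runs `git secret tell -Z ...`. A failure report would therefore point at the wrong command, and the title duplicates the one in tests/test_init.bats. Rename it: `@test "run 'tell' with bad arg" {`.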
@@ -184,15 +190,16 @@ function teardown { [[ "$output" != *"$TEST_NOEMAIL_COMMENT_USER"* ]] - # Cleaning up: can't clean up by email - #uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER" + # Cleaning up: can't clean up by email + # uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER" } + @test "run 'tell' on non-email" { install_fixture_key "$TEST_NOEMAIL_COMMENT_USER" local name=$(echo "$TEST_NOEMAIL_COMMENT_USER" | sed -e 's/@.*//') - #echo "$name" | sed "s/^/# '$BATS_TEST_DESCRIPTION' name is: /" >&3 + # echo "$name" | sed "s/^/# '$BATS_TEST_DESCRIPTION' name is: /" >&3 # Testing the command itself, should fail because you must use email run git secret tell -d "$TEST_GPG_HOMEDIR" "$name" @@ -207,7 +214,7 @@ function teardown { [[ "$output" != *"$name"* ]] # Cleaning up: can't clean up by email because key doesn't hold it - #uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER" + # uninstall_fixture_key "$TEST_NOEMAIL_COMMENT_USER" } @test "run 'tell' in subfolder" { diff --git a/tests/test_usage.bats b/tests/test_usage.bats index d96e3346..5c0570b1 100644 --- a/tests/test_usage.bats +++ b/tests/test_usage.bats @@ -29,17 +29,17 @@ function teardown { } -#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} +#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} @test "run 'usage' with ignored '${_SECRETS_DIR}'" { echo "${_SECRETS_DIR}" >> ".gitignore" - + # below shows how to send 'diagnostic' messages to bats-core. - #echo "# clear-line-output" >&3 - #echo "# SECRETS_DIR is ${_SECRETS_DIR}" >&3 + # echo "# clear-line-output" >&3 + # echo "# SECRETS_DIR is ${_SECRETS_DIR}" >&3 # It's ok for 'usage' to succeed when the .gitsecret directory is ignored, but it doesn't run git secret usage - #echo "# git secret usage -> status $status" >&3 + # echo "# git secret usage -> status $status" >&3 [ "$status" -eq 1 ] } diff --git a/tests/test_whoknows.bats b/tests/test_whoknows.bats index 47bba32a..466a3a5b 100644 --- a/tests/test_whoknows.bats +++ b/tests/test_whoknows.bats 
@@ -45,8 +45,9 @@ function teardown { run git secret whoknows -l [ "$status" -eq 0 ] - #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 - # output should look like 'abort: problem encrypting file with gpg: exit code 2: space file' + # echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3 + # output should look like + # 'abort: problem encrypting file with gpg: exit code 2: space file' #echo "# '$BATS_TEST_DESCRIPTION' status: $status" >&3 # Now test the output, both users should be present and without expiration