From 5561e628cdf5c5c6df5e1420c8518d1ddce9d37b Mon Sep 17 00:00:00 2001
From: Eliah Kagan
Date: Wed, 15 Nov 2023 21:04:04 -0500
Subject: [PATCH] Mark unsafe-options "allowed" tests xfail on Windows

The tests of unsafe options are among those introduced originally in #1521. They are regression tests for #1515 (CVE-2022-24439). The unsafe options tests are paired: a test for the usual, default behavior of forbidding the option, and a test for the behavior when the option is explicitly allowed. In each such pair, both tests use a payload that is intended to produce the side effect of a file of a specific name being created in a temporary directory. All the tests work on Unix-like systems. On Windows, the tests of the *allowed* cases are broken, and this commit marks them xfail. However, this has implications for the tests of the default, secure behavior, because until the "allowed" versions work on Windows, it will be unclear if either are using a payload that is effective and that corresponds to the way its effect is examined. Specifically, the "\" characters in the path seem to be treated as escape characters rather than literally. Also, "touch" is not a native Windows command, and the "touch" command in Git for Windows maps disallowed occurrences of ":" in filenames to a separate code point in the Private Use Area of the Basic Multilingual Plane.
---
test/test_remote.py | 27 +++++++++++++++++++++++++++
test/test_repo.py | 18 ++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/test/test_remote.py b/test/test_remote.py
index f9f35e5d8..080718a1c 100644
--- a/test/test_remote.py
+++ b/test/test_remote.py
@@ -831,6 +831,15 @@ def test_fetch_unsafe_options(self, rw_repo):
 remote.fetch(**unsafe_option)
 assert not tmp_file.exists()

+ @pytest.mark.xfail(
+ os.name == "nt",
+ reason=(
+ "File not created. A separate Windows command may be needed. This and the "
+ "currently passing test test_fetch_unsafe_options must be adjusted in the "
+ "same way. Until then, test_fetch_unsafe_options is unreliable on Windows."
+ ),
+ raises=AssertionError,
+ )
 @with_rw_repo("HEAD")
 def test_fetch_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
@@ -890,6 +899,15 @@ def test_pull_unsafe_options(self, rw_repo):
 remote.pull(**unsafe_option)
 assert not tmp_file.exists()

+ @pytest.mark.xfail(
+ os.name == "nt",
+ reason=(
+ "File not created. A separate Windows command may be needed. This and the "
+ "currently passing test test_pull_unsafe_options must be adjusted in the "
+ "same way. Until then, test_pull_unsafe_options is unreliable on Windows."
+ ),
+ raises=AssertionError,
+ )
 @with_rw_repo("HEAD")
 def test_pull_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
@@ -955,6 +973,15 @@ def test_push_unsafe_options(self, rw_repo):
 remote.push(**unsafe_option)
 assert not tmp_file.exists()

+ @pytest.mark.xfail(
+ os.name == "nt",
+ reason=(
+ "File not created. A separate Windows command may be needed. This and the "
+ "currently passing test test_push_unsafe_options must be adjusted in the "
+ "same way. Until then, test_push_unsafe_options is unreliable on Windows."
+ ),
+ raises=AssertionError,
+ )
 @with_rw_repo("HEAD")
 def test_push_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
diff --git a/test/test_repo.py b/test/test_repo.py
index 3cde25184..033deca1e 100644
--- a/test/test_repo.py
+++ b/test/test_repo.py
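Review bot: The `@pytest.mark.xfail(...)` added above `test_fetch_unsafe_options_allowed` is non-strict unless the project sets `xfail_strict` in its pytest configuration (not visible here), so once a payload that works on Windows lands, the test would XPASS quietly and the marker could stay behind. Because the reason text says the paired default-deny test is unreliable until this one works, adding `strict=True,` after `raises=AssertionError,` would turn that moment into a visible failure that forces the marker's removal. The same applies to the markers on `test_pull_unsafe_options_allowed` and `test_push_unsafe_options_allowed` in this file and to the two clone tests in test/test_repo.py. The decorated test bodies continue outside the hunks.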
@@ -294,6 +294,15 @@ def test_clone_unsafe_options(self, rw_repo):
 rw_repo.clone(tmp_dir, **unsafe_option)
 assert not tmp_file.exists()

+ @pytest.mark.xfail(
+ os.name == "nt",
+ reason=(
+ "File not created. A separate Windows command may be needed. This and the "
+ "currently passing test test_clone_unsafe_options must be adjusted in the "
+ "same way. Until then, test_clone_unsafe_options is unreliable on Windows."
+ ),
+ raises=AssertionError,
+ )
 @with_rw_repo("HEAD")
 def test_clone_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
@@ -364,6 +373,15 @@ def test_clone_from_unsafe_options(self, rw_repo):
 Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
 assert not tmp_file.exists()

+ @pytest.mark.xfail(
+ os.name == "nt",
+ reason=(
+ "File not created. A separate Windows command may be needed. This and the "
+ "currently passing test test_clone_from_unsafe_options must be adjusted in the "
+ "same way. Until then, test_clone_from_unsafe_options is unreliable on Windows."
+ ),
+ raises=AssertionError,
+ )
 @with_rw_repo("HEAD")
 def test_clone_from_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
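Review bot: The warning that `test_clone_unsafe_options` is unreliable on Windows is recorded only in the xfail reason of the neighbouring `_allowed` test, so a reader of the default-deny test gets no hint at its closing `assert not tmp_file.exists()` (visible at the top of this hunk) that the check may hold there whether or not the option was blocked. A comment above that assertion would make the gap visible where it matters, for example `# On Windows the payload apparently never creates the file, so this check may be vacuous there; see the xfail on test_clone_unsafe_options_allowed.` The same comment fits `test_clone_from_unsafe_options` in the next hunk and the three default-deny tests in test/test_remote.py. Per the commit message these are the CVE-2022-24439 regression tests, and their bodies begin outside the hunks.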