On Mon, Oct 31 2022, Johannes Schindelin via GitGitGadget wrote: > From: Johannes Schindelin <johannes.schindelin@xxxxxx> > > In 6dcbdc0d6616 (remote: create fetch.credentialsInUrl config, > 2022-06-06), we added four test cases that validate various behavior > around passing credentials as part of the URL (which is considered > unsafe in general). > > These tests do not _actually_ try to connect anywhere, but have to use > the https:// protocol in order to validate the intended code paths. > > However, using `localhost` for such a connection causes several > problems: > > - There might be a web server running on localhost, and we do not > actually want to connect to that. > > - The DNS resolver, or the local firewall, might take a substantial > amount of time (or forever, whichever comes first) to fail to connect, > slowing down the test cases unnecessarily. > > Let's instead use an IPv4 address that is guaranteed never to offer a > web server: 224.0.0.1 (which is part of the IP multicast range). > > Incidentally, this seems to fix an issue where the tests fail in the > Windows jobs of Git's CI builds. > [...] > diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh > index 45f0803ed4d..0b386c74818 100755 > --- a/t/t5601-clone.sh > +++ b/t/t5601-clone.sh > @@ -72,19 +72,19 @@ test_expect_success 'clone respects GIT_WORK_TREE' ' > ' > > test_expect_success LIBCURL 'clone warns or fails when using username:password' ' > - message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" && > - test_must_fail git -c transfer.credentialsInUrl=allow clone https://username:password@localhost attempt1 2>err && > + message="URL '\''https://username:<redacted>@224.0.0.1/'\'' uses plaintext credentials" && > + test_must_fail git -c transfer.credentialsInUrl=allow clone https://username:password@224.0.0.1 attempt1 2>err && > ! grep "$message" err && > > - test_must_fail git -c transfer.credentialsInUrl=warn clone https://username:password@localhost attempt2 2>err && > + test_must_fail git -c transfer.credentialsInUrl=warn clone https://username:password@224.0.0.1 attempt2 2>err && > grep "warning: $message" err >warnings && > test_line_count = 2 warnings && > > - test_must_fail git -c transfer.credentialsInUrl=die clone https://username:password@localhost attempt3 2>err && > + test_must_fail git -c transfer.credentialsInUrl=die clone https://username:password@224.0.0.1 attempt3 2>err && > grep "fatal: $message" err >warnings && > test_line_count = 1 warnings && > > - test_must_fail git -c transfer.credentialsInUrl=die clone https://username:@localhost attempt3 2>err && > + test_must_fail git -c transfer.credentialsInUrl=die clone https://username:@224.0.0.1 attempt3 2>err && > grep "fatal: $message" err >warnings && > test_line_count = 1 warnings > ' For this one one at least, it eventually gets around to setting up an actual httpd server with cloning etc. from $HTTPD_URL. Can't we just do that for both of these tests rather than the the 224.0.0.0 hack? I.e. the root cause is that we're cleverly faking a not-a-server here, and now we're going to add another somewhat clever hack on top. but since the test coverage is for https:// anyway, and we have other https tests against an actual server...
