Test failures with cURL-8.1.2 (when building git-2.41.0)

Test failures with cURL-8.1.2 (when building git-2.41.0)

[Douglas R. Reno]

Good afternoon,

While building git-2.41.0 with curl-8.1.2 installed, I've noticed three 
test failures. They appear to be coming from 
t5559-http-fetch-smart-http2.sh. Here are the details from the tests:

not ok 17 - GIT_TRACE_CURL redacts auth details
#
#               rm -rf redact-auth trace &&
#               set_askpass user@host pass@host &&
#               GIT_TRACE_CURL="$(pwd)/trace" git clone --bare 
"$HTTPD_URL/auth/smart/repo.git" redact-auth &&
#               expect_askpass both user@host &&
#
#               # Ensure that there is no "Basic" followed by a base64 
string, but that
#               # the auth details are redacted
#               ! grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace &&
#               grep -i "Authorization: Basic <redacted>" trace
#
not ok 18 - GIT_CURL_VERBOSE redacts auth details
#
#               rm -rf redact-auth trace &&
#               set_askpass user@host pass@host &&
#               GIT_CURL_VERBOSE=1 git clone --bare 
"$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace &&
#               expect_askpass both user@host &&
#
#               # Ensure that there is no "Basic" followed by a base64 
string, but that
#               # the auth details are redacted
#               ! grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace &&
#               grep -i "Authorization: Basic <redacted>" trace
#

ok 19 - GIT_TRACE_CURL does not redact auth details if GIT_TRACE_REDACT=0
ok 20 - disable dumb http on server
ok 21 - GIT_SMART_HTTP can disable smart http
ok 22 - invalid Content-Type rejected
ok 23 - create namespaced refs
ok 24 - smart clone respects namespace
ok 25 - dumb clone via http-backend respects namespace
ok 26 - cookies stored in http.cookiefile when http.savecookies set
ok 27 - transfer.hiderefs works over smart-http
ok 28 - create 2,000 tags in the repo
ok 29 - clone the 2,000 tag repo to check OS command line overflow
ok 30 - large fetch-pack requests can be sent using chunked encoding
ok 31 - test allowreachablesha1inwant
ok 32 - test allowreachablesha1inwant with unreachable
ok 33 - test allowanysha1inwant with unreachable
ok 34 # skip http can handle enormous ref negotiation (missing EXPENSIVE)
ok 35 - custom http headers
ok 36 - using fetch command in remote-curl updates refs
ok 37 - fetch by SHA-1 without tag following
not ok 38 - cookies are redacted by default
#
#               rm -rf clone &&
#               echo "Set-Cookie: Foo=1" >cookies &&
#               echo "Set-Cookie: Bar=2" >>cookies &&
#               GIT_TRACE_CURL=true \
#                       git -c "http.cookieFile=$(pwd)/cookies" clone \
#                       $HTTPD_URL/smart/repo.git clone 2>err &&
#               grep -i "Cookie:.*Foo=<redacted>" err &&
#               grep -i "Cookie:.*Bar=<redacted>" err &&
#               ! grep -i "Cookie:.*Foo=1" err &&
#               ! grep -i "Cookie:.*Bar=2" err
#


I've done a bit of investigation and found the directory where it's 
saving the results to, "trash directory.t5559-http-fetch-smart-http2". 
After changing to that directory and running 'grep -i "Authorization: 
Basic"' trace, I get:

renodr [ /sources/git-2.41.0/git-2.41.0/t/trash 
directory.t5559-http-fetch-smart-http2 ]$ grep -i "Authorization: Basic" 
trace
== Info: h2 [authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==]
=> Send header: Authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==
== Info: h2 [authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==]
=> Send header: Authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==
== Info: h2 [authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==]
=> Send header: Authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==

Checking the 'err' file where the cookies test was supposed to be 
looking in results in:

renodr [ /sources/git-2.41.0/git-2.41.0/t/trash 
directory.t5559-http-fetch-smart-http2 ]$ cat err
fatal: URL 
'https://user%40host:<redacted>@127.0.0.1:5559/auth/smart/repo.git' uses 
plaintext credentials

Please let me know if there's any way that I can help diagnose this further!

Thank you,

- Doug

RE: Test failures with cURL-8.1.2 (when building git-2.41.0)

[rsbecker]

On Monday, June 12, 2023 12:59 PM, Douglas R. Reno wrote:
>While building git-2.41.0 with curl-8.1.2 installed, I've noticed three test failures.
>They appear to be coming from t5559-http-fetch-smart-http2.sh. Here are the details
>from the tests:
>
>not ok 17 - GIT_TRACE_CURL redacts auth details # #               rm -rf redact-auth
>trace && #               set_askpass user@host pass@host &&
>#               GIT_TRACE_CURL="$(pwd)/trace" git clone --bare
>"$HTTPD_URL/auth/smart/repo.git" redact-auth && #               expect_askpass both
>user@host && # #               # Ensure that there is no "Basic" followed by a base64
>string, but that #               # the auth details are redacted #               ! grep -i
>"Authorization: Basic [0-9a-zA-Z+/]" trace && #               grep -i "Authorization: Basic
><redacted>" trace # not ok 18 - GIT_CURL_VERBOSE redacts auth details #
>#               rm -rf redact-auth trace && #               set_askpass user@host pass@host
>&& #               GIT_CURL_VERBOSE=1 git clone --bare
>"$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace &&
>#               expect_askpass both user@host && # #               # Ensure that there is no
>"Basic" followed by a base64 string, but that #               # the auth details are
>redacted #               ! grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace &&
>#               grep -i "Authorization: Basic <redacted>" trace #
>
>ok 19 - GIT_TRACE_CURL does not redact auth details if GIT_TRACE_REDACT=0 ok 20
>- disable dumb http on server ok 21 - GIT_SMART_HTTP can disable smart http ok 22
>- invalid Content-Type rejected ok 23 - create namespaced refs ok 24 - smart clone
>respects namespace ok 25 - dumb clone via http-backend respects namespace ok 26 -
>cookies stored in http.cookiefile when http.savecookies set ok 27 - transfer.hiderefs
>works over smart-http ok 28 - create 2,000 tags in the repo ok 29 - clone the 2,000
>tag repo to check OS command line overflow ok 30 - large fetch-pack requests can be
>sent using chunked encoding ok 31 - test allowreachablesha1inwant ok 32 - test
>allowreachablesha1inwant with unreachable ok 33 - test allowanysha1inwant with
>unreachable ok 34 # skip http can handle enormous ref negotiation (missing
>EXPENSIVE) ok 35 - custom http headers ok 36 - using fetch command in remote-curl
>updates refs ok 37 - fetch by SHA-1 without tag following not ok 38 - cookies are
>redacted by default # #               rm -rf clone && #               echo "Set-Cookie: Foo=1"
>>cookies && #               echo "Set-Cookie: Bar=2" >>cookies &&
>#               GIT_TRACE_CURL=true \ #                       git -c
>"http.cookieFile=$(pwd)/cookies" clone \ #                       $HTTPD_URL/smart/repo.git
>clone 2>err && #               grep -i "Cookie:.*Foo=<redacted>" err && #               grep
>-i "Cookie:.*Bar=<redacted>" err && #               ! grep -i "Cookie:.*Foo=1" err &&
>#               ! grep -i "Cookie:.*Bar=2" err #
>
>
>I've done a bit of investigation and found the directory where it's saving the results to,
>"trash directory.t5559-http-fetch-smart-http2".
>After changing to that directory and running 'grep -i "Authorization:
>Basic"' trace, I get:
>
>renodr [ /sources/git-2.41.0/git-2.41.0/t/trash
>directory.t5559-http-fetch-smart-http2 ]$ grep -i "Authorization: Basic"
>trace
>== Info: h2 [authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==] => Send header:
>Authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA== == Info: h2 [authorization:
>Basic dXNlckBob3N0OnBhc3NAaG9zdA==] => Send header: Authorization: Basic
>dXNlckBob3N0OnBhc3NAaG9zdA== == Info: h2 [authorization: Basic
>dXNlckBob3N0OnBhc3NAaG9zdA==] => Send header: Authorization: Basic
>dXNlckBob3N0OnBhc3NAaG9zdA==
>
>Checking the 'err' file where the cookies test was supposed to be looking in results in:
>
>renodr [ /sources/git-2.41.0/git-2.41.0/t/trash
>directory.t5559-http-fetch-smart-http2 ]$ cat err
>fatal: URL
>'https://user%40host:<redacted>@127.0.0.1:5559/auth/smart/repo.git' uses plaintext
>credentials
>
>Please let me know if there's any way that I can help diagnose this further!

Curl, for at least a year (Curl issue #8654), does not support blanks in URLs of any kind. Have you found any of these?

-Randall