From d40adc7553bc900328afa918f45b6d9e9c3087fb Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 24 Oct 2011 08:20:35 -0400
Subject: [PATCH] Fixed security hole when cloning repository with TortoiseGit (issue 28)

---
 tests/com/gitblit/tests/GitServletTest.java |   19 ++++++++++++++++++-
 1 files changed, 18 insertions(+), 1 deletions(-)

diff --git a/tests/com/gitblit/tests/GitServletTest.java b/tests/com/gitblit/tests/GitServletTest.java
index 0ede7ca..6a83974 100644
--- a/tests/com/gitblit/tests/GitServletTest.java
+++ b/tests/com/gitblit/tests/GitServletTest.java
@@ -12,6 +12,7 @@
 
 import org.eclipse.jgit.api.CloneCommand;
 import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;
 import org.eclipse.jgit.util.FileUtils;
 
 import com.gitblit.GitBlitServer;
@@ -50,7 +51,9 @@
 	}
 
 	public void testClone() throws Exception {
-		FileUtils.delete(folder, FileUtils.RECURSIVE);
+		if (folder.exists()) {
+			FileUtils.delete(folder, FileUtils.RECURSIVE);
+		}
 		CloneCommand clone = Git.cloneRepository();
 		clone.setURI(MessageFormat.format("http://localhost:{0,number,#}/git/ticgit.git", port));
 		clone.setDirectory(folder);
@@ -71,4 +74,18 @@
 		git.push().setPushAll().call();
 		git.getRepository().close();
 	}
+		
+	public void testBogusLoginClone() throws Exception {
+		File folder = new File(GitBlitSuite.REPOSITORIES, "working/gitblit");
+		if (folder.exists()) {
+			FileUtils.delete(folder, FileUtils.RECURSIVE);
+		}
+		CloneCommand clone = Git.cloneRepository();
+		clone.setURI(MessageFormat.format("http://localhost:{0,number,#}/git/gitblit.git", port));
+		clone.setDirectory(folder);
+		clone.setBare(false);
+		clone.setCloneAllBranches(true);
+		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider("bogus", "bogus"));
+		clone.call();
+	}
 }

--
Gitblit v1.9.1