From e8f36c4bff0383c4480f80a1f00e4037174f3879 Mon Sep 17 00:00:00 2001
From: Peter Guy
Date: Thu, 10 Aug 2023 09:59:35 -0700
Subject: [PATCH] Add negative test for `git commit -F`
Ensure that file paths are not accepted as input.
---
 internal/gitserver/gitdomain/exec_test.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/internal/gitserver/gitdomain/exec_test.go b/internal/gitserver/gitdomain/exec_test.go
index 2f1c944b068c..8f6ec3a18473 100644
--- a/internal/gitserver/gitdomain/exec_test.go
+++ b/internal/gitserver/gitdomain/exec_test.go
@@ -10,7 +10,7 @@ import (
 )
 func TestIsAllowedGitCmd(t *testing.T) {
- allowed := [][]string{
+ isAllowed := [][]string{
 // Required for code monitors
 {"rev-parse", "HEAD"},
 {"rev-parse", "83838383"},
@@ -27,15 +27,28 @@ func TestIsAllowedGitCmd(t *testing.T) {
 {"push", "--force", "git@github.com:repo/name", "f22cfd066432e382c24f1eaa867444671e23a136:refs/heads/a-branch"},
 {"update-ref", "--"},
 }
+ notAllowed := [][]string{
+ {"commit", "-F", "/etc/passwd"},
+ {"commit", "--file=/absolute/path"},
+ {"commit", "-F", "relative/passwd"},
+ {"commit", "--file=relative/path"},
+ }
 logger := logtest.Scoped(t)
- for _, args := range allowed {
+ for _, args := range isAllowed {
 t.Run("", func(t *testing.T) {
 if !IsAllowedGitCmd(logger, args, "/fake/path") {
 t.Fatalf("expected args to be allowed: %q", args)
 }
 })
 }
+ for _, args := range notAllowed {
+ t.Run("", func(t *testing.T) {
+ if IsAllowedGitCmd(logger, args, "/fake/path") {
+ t.Fatalf("expected args to NOT be allowed: %q", args)
+ }
+ })
+ }
 }
 func TestIsAllowedDiffGitCmd(t *testing.T) {
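Review bot: The `notAllowed` table in the second hunk pins only two spellings of the option, `-F <path>` and `--file=<path>`, while git's option parser also accepts the attached short form, the separated long form and unambiguous abbreviations of long options. Rows such as `{"commit", "-F/etc/passwd"}`, `{"commit", "--file", "/etc/passwd"}` and `{"commit", "--fil=/etc/passwd"}` would show whether the allowlist matches exact strings or what git would actually parse. IsAllowedGitCmd itself is not visible in this patch, so whether those forms are already rejected cannot be told from here. It would also help to state in a comment whether `-F -` (message from stdin) is meant to stay allowed, since the commit message speaks only of file paths. The `isAllowed` table starts in the first hunk and its middle rows are outside both hunks.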