Test

Tests to see how Git web interfaces like GitHub and GitLab work exactly detect bugs.

Mirrors

This repository is mirrored at:

http://repo.or.cz/w/cirosantilli-test.git. Runs on Girocco. TODO get working.
https://bitbucket.org/cirosantilli/test
https://cirosantilli.beanstalkapp.com/test Company called Wildbit. builtwith.com and job offerings say Rails.
https://cirosantillitest.codeplex.com/. By Microsoft. Rejects this repo because of the future-max commit, so I made placeholder to squat the project name.
https://code.launchpad.net/cirosantilli-test-git. Unable to use it for now: http://superuser.com/questions/954490/launchpad-says-i-dont-have-an-ssh-key-but-i-do http://askubuntu.com/questions/13613/git-on-launchpad
https://github.com/cirosantilli/test
https://gitlab.com/cirosantilli/test
https://hub.jazz.net/git/cirosantilli/test
https://sourceforge.net/projects/cirosantilli-test
https://www.assembla.com/code/cirosantilli-test/git/nodes

Mirrors without public view:

Mirrors without repository browsing:

http://codeplane.com

Mirrors for which I can't create projects:

https://kenai.com

Discontinued:

https://code.google.com/p/cirosantilli-test (to be closed)
https://gitorious.org/cirosantilli-test/cirosantilli-test, bough by GitLab. Will remain read only.

Web interfaces without public hosting service that I know of. Huge list: https://git.wiki.kernel.org/index.php/Interfaces,_frontends,_and_tools#Web_Interfaces Some interesting ones:

Gitweb. Distributed with Git. The Perl one.
cgit. Official self-host: http://git.zx2c4.com/cgit, GitHub mirror: https://github.com/zx2c4/cgit. Used by GNU Savannah. Written in C.
Gerrit. The Java one. http://en.wikipedia.org/wiki/Gerrit_%28software%29,
GitList. The PHP one. https://github.com/klaussilveira/gitlist
WebGitNet. The .Net one. https://github.com/otac0n/WebGitNet

The SSH of those repos can be found at: remotes.sh, including other repos which don't have public view like Atlas.

Related repositories

Tests that are very large will not be included here to keep this repository small:

There are also some tests that could not be included here conveniently:

Other similar repos from other people:

https://github.com/joernchen/evil_stuff

Other useful things:

https://github.com/holman/feedback/issues. May contain some extra semi-internal information.
- https://github.com/showcases/projects-that-power-github
- https://github.com/holman/feedback/issues/553 GitHub is hosted on Carpathia
- https://github.com/holman/feedback/issues/544 GitHub uses Mac?

Files

The most interesting files on this repository are:

Markup tests:

md.md
issue-md.md: markdown on issues
adoc.adoc
rdoc.rdoc

Routing conflict attempts:

Weird stuff and attacks based on the filenames.

The only filenames which are not valid are:

contain forward slash /
.git
. and .., but not ...

Everything else goes:

?a=b&c=d
["](")
#
['](')
:
;
[\](\)
-
--
-start-with-slash
.md
whitespace filename edge cases:
- single whitespace filename
- double whitespace directory name and its README
- a b
Case insensitive filename conflict attempt: CASE, case and CASE-DIR, case-dir. Interestingly, however, .GIT fails: https://gitlab.com/cirosantilli/test-GIT/tree/master
Very tall and wide characters. More details.
- Basmala ﷽
  
  https://github.com/cirosantilli/test-git-web-interface/blob/fc0bf02b85e42e649127d964057e594361c4f305/%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD
- Unicode Thai combining characters ส็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็
  
  https://github.com/cirosantilli/test-git-web-interface/blob/de4a8e71fe6a1fe7f6e95b864c833b0e6965996b/%E0%B8%AA%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87

Magic Git files:

Git directory inside Git directory: _git.

For further mischief, the files in that directory were copied to the top-level of the repository.
.gitattributes: TODO empty

Does not seems to lead to arbitrary code execution, as available diff and merge drivers must be set on the config.

GitHub seems to ignore it: http://stackoverflow.com/a/24382933/895245

Other interesting things to do are the uppercase .Git and the .git file, which did not fit well in this repository.

XSS attempts:

README.md 9.4 KB Permalink History Raw

Test

Mirrors

Related repositories

Files

README.md 9.4 KB

Permalink History Raw