🚿

.bzrignore

@@ -0,0 +1 @@
+.git

.gitignore

@@ -0,0 +1 @@
+.bzr

CONTRIBUTING.md

@@ -0,0 +1 @@
+# Contributing

HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

README

@@ -0,0 +1,3 @@
+http://example.com
+
+[email protected]

README.md

@@ -1,36 +1,11 @@
-Tests to see how GitHub and GitLab work exactly and to detect bugs with them.
+# Test
 
-Tests that are very large will not be included here to keep this repository small:
+Tests to see how Git web interfaces like GitHub and GitLab work exactly detect bugs.
 
-- <https://github.com/cirosantilli/test-deep>
-- <https://github.com/cirosantilli/test-diff-many-files>
-- <https://github.com/cirosantilli/test-pr-many-commits>
-
-There are also some tests that could not be included here conveniently:
-
-- <https://github.com/cirosantilli/test-empty-commit>
-- <https://github.com/cirosantilli/test-empty-subdir>
-- <https://github.com/cirosantilli/test-long-filename>
-
-This repository is mirrored at:
-
-- <https://github.com/cirosantilli/test>
-- <https://gitlab.com/cirosantilli/test>
-
-Other similar repos from other people:
-
-- <https://github.com/joernchen/evil_stuff>
-
-The most interesting files on this repository are:
-
--   [markdown.md](markdown.md)
-
--   whitespace filename edge cases:
-
-    - [single whitespace filename](%20)
-    - [double whitespace directory name](%20%20/) and [it's README](%20%20/README.md)
-    - [a b](a b)
-
-Some interesting branches include:
-
-- [`hasslash/a`](../hasslash/a): branch inside sub-directory
+1.  [Other test repos](other-test-repos/README.md)
+1.  [Mirrors](mirrors.md)
+1.  [Generate commits fast](generate-commits-fast.md)
+1.  Tests
+    1.  [Files](files.md)
+    1.  [Refs](refs.md)
+1.  [Other CMS](other-cms.md)

_git/HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

_git/README.md

@@ -0,0 +1,13 @@
+Git automatically treats certain directories as Git repositories when certain files are present.
+<http://stackoverflow.com/questions/2044574/determine-if-directory-is-under-git-control>
+
+In normal circumstances, this happens for test repos that are kept inside git related repositories,
+e.g. <https://github.com/schacon/grack/tree/613acd237ab7f522a02953c310aad0d484873bd7/tests/example>
+
+When there is a `.git` directory in the current directory,
+it takes precedence over the current directory being a bare repo:
+`git` commands without explicit `--git-dir` will use it.
+
+If however git finds a directory that it recognizes to be a git bare repo and there is no `.git`,
+it will be used. Try `git log` in this directory. If some system fails to check for that,
+it is a great vector for arbitrary code execution.

_git/objects/17/3a852893f2dac5b79dd5862e5a032777477567

@@ -0,0 +1,2 @@
+x
5��
+1=�+r��b6
�_�n��������\g��o�k��<2I\W��}8�a�.~c 5
����%��t����X�t�'���3��|�A��
!W�

_git/refs/heads/master

@@ -0,0 +1 @@
+173a852893f2dac5b79dd5862e5a032777477567

adoc.adoc

@@ -0,0 +1,16 @@
+= h1
+
+:toc:
+:toc-placement: preamble
+
+Preamble. This paragraph has some magic properties just because it is before the first h2. E.g., the Toc will go after it.
+
+== h2
+
+== include
+
+GitHub renders it as a link as of 2015-09-23: no path transversal :-(
+
+include::.git/HEAD[]
+
+include::include.adoc[]

by-linus.md

@@ -0,0 +1,3 @@
+Ciro, keep up the good work!
+
+Linus.

d/README.md

@@ -1,4 +1,4 @@
-# h
+# Inner tree tests
 
 [""]()
 

deface.md

@@ -0,0 +1,7 @@
+The SHA of this commit begins with `deface`.
+
+It is used to test conflicts between SHA issue references and regular words.
+
+This commit was generated with:
+
+    https://github.com/bradfitz/gitbrute

diff

@@ -1,2 +1 @@
-This file is named `diff` to try and conflict with the GitLab diff URL.
-2
+Try and conflict with the GitLab diff URL: https://github.com/gitlabhq/gitlabhq/pull/7977

files.md

@@ -0,0 +1,88 @@
+## Files
+
+The most interesting files on this repository are:
+
+Markup tests:
+
+- [md.md](markdown.md)
+- [issue-md.md](issue-markdown.md): markdown on issues
+- [adoc.adoc](adoc.adoc)
+- [rdoc.rdoc](rdoc.rdoc)
+
+Routing conflict attempts:
+
+- [atom.atom](atom.atom)
+- [diff](diff)
+- [diff.diff](diff.diff)
+- [patch.patch](patch.patch)
+
+Weird stuff and attacks based on the filenames.
+
+The only filenames which are not valid are:
+
+- contain forward slash `/`
+- `.git`
+- `.` and `..`, but not `...`
+
+Everything else goes:
+
+-   [?a=b&c=d](?a=b&c=d)
+
+-   ["](")
+
+-   [#](#)
+
+-   ['](')
+
+-   [:](:)
+
+-   [;](;)
+
+-   [\\](\\)
+
+-   [-](-)
+
+-   [--](--)
+
+-   [-start-with-slash](-start-with-slash)
+
+-   [\.md](\.md)
+
+-   whitespace filename edge cases:
+
+    - [single whitespace filename](%20)
+    - [double whitespace directory name](%20%20/) and [its README](%20%20/README.md)
+    - [a b](a b)
+
+-   Case insensitive filename conflict attempt: [CASE](CASE), [case](case) and [CASE-DIR](CASE-DIR), [case-dir](case-dir). Interestingly, however, `.GIT` fails: <https://gitlab.com/cirosantilli/test-GIT/tree/master>
+
+-   Very tall or wide Unicode glyphs. [More details](https://www.quora.com/What-are-the-coolest-Unicode-characters/answer/Ciro-Santilli-%E5%85%AD%E5%9B%9B%E4%BA%8B%E4%BB%B6-%E6%B3%95%E8%BD%AE%E5%8A%9F-%E7%BA%B3%E7%B1%B3%E6%AF%94%E4%BA%9A-%E5%A8%81%E8%A7%86).
+
+    -   Basmala ﷽
+
+        <https://github.com/cirosantilli/test-git-web-interface/blob/fc0bf02b85e42e649127d964057e594361c4f305/%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD%EF%B7%BD>
+
+    -   Unicode Thai combining characters ส็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็
+
+        <https://github.com/cirosantilli/test-git-web-interface/blob/de4a8e71fe6a1fe7f6e95b864c833b0e6965996b/%E0%B8%AA%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87%E0%B9%87>
+
+Magic Git files:
+
+-   Git directory inside Git directory: [_git](_git).
+
+    For further mischief, the files in that directory were copied to the top-level of the repository.
+
+-   [.gitattributes](.gitattributes): TODO empty
+
+    Does not seems to lead to arbitrary code execution, as available diff and merge drivers must be set on the config.
+
+    GitHub seems to ignore it: <http://stackoverflow.com/a/24382933/895245>
+
+Other interesting things to do are the uppercase `.Git` and the `.git` file, which did not fit well in this repository.
+
+XSS attempts:
+
+- [<script>](<script>)
+- `<script src="data:text;utf8,alert('xss')">`
+- [svg.svg](svg.svg), with an XSS attempt
+- [sym-xss](sym-xss). It's path is an XSS attempt.

generate-commits-fast.md

@@ -0,0 +1,16 @@
+## Generate many commits fast
+
+It is sometimes interesting to generate a ton of commits to test some edge case, but it is not trivial to go way above 1000 commits in a reasonable amount of time.
+
+Bottom line: don't use `git`. The manual Python code under [other-test-repos](other-test-repos/) presents a huge speedup. TODO: try gitlib2.
+
+1000 operations take on a my computer:
+
+- echo to file, add and commit: 43s
+- empty commit with `--allow-empt`: 23s
+- `openssl dgst -sha1`: 22s
+- `git hash-object --stdin -w`: 21s
+- `git hash-object --stdin`: 20s
+- `sha1sum` Coreutils: 1.4s.
+- touch: 0.9s (same on ramfs).
+- `time python3 <(printf 'import hashlib; import sys;\nfor i in range(1000): print(hashlib.sha1(str(i).encode("ascii")).hexdigest())')`: 0.14s TODO: why so much faster than `hash-object`? This is minimum bottleneck per CPU.

include.adoc

@@ -0,0 +1 @@
+*bold*

issue-md.md

@@ -0,0 +1,62 @@
+- GitHub: https://github.com/cirosantilli/test/issues/4
+- GitLab: https://gitlab.com/cirosantilli/test/issues/1
+
+# Line breaks at newline
+
+line1
+line2
+
+# References
+
+commit SHA reference:
+
+- full URL: https://github.com/cirosantilli/test/commit/429ebfd5c2aebc7debe32347cb7b19869fa4dd29 https://gitlab.com/cirosantilli/test/commit/429ebfd5c2aebc7debe32347cb7b19869fa4dd29
+- full SHA: 429ebfd5c2aebc7debe32347cb7b19869fa4dd29
+- 7 char SHA: 429ebfd
+- 6 char SHA: 429ebf deface
+- 4 char SHA: 429e defa
+
+Commit non-SHA reference:
+
+- tag: https://github.com/cirosantilli/test/commit/annotated https://gitlab.com/cirosantilli/test/commit/annotated
+- branch: https://github.com/cirosantilli/test/commit/branch-8 https://gitlab.com/cirosantilli/test/commit/branch-8
+
+Issue reference:
+
+- full URL: https://github.com/cirosantilli/test/issues/5
+- zero padded: #000000000000000000000000000000000000000000000000005 , https://github.com/isaacs/github/issues/372
+
+MR reference:
+
+- full URL https://github.com/cirosantilli/test/pull/1 https://gitlab.com/cirosantilli/test/merge_requests/1
+- hash id: #1
+
+Tag reference: https://github.com/cirosantilli/test/releases/tag/annotated
+
+## At mention
+
+- regular one to another user that exists: @cirosantilli-puppet
+
+- reserved GitHub usernames which don't 404.
+    - the at mention link gets created as of 2015-04-01: @about @pricing
+    - blacklisted that don't 404: @account @c @explore @help @jobs @login @logout @plans @security @settings @shop @signup @status @styleguide @wiki
+
+- Blacklist as of 2010 by an employee: http://www.quora.com/How-do-sites-prevent-vanity-URLs-from-colliding-with-future-features/answer/Kyle-Neath GitHub simply renames squatters. As of 2015-04-01, better was unblacklisted. @account @admin @api @better @blog @cache @changelog @codereview @compare @enterprise @gist @help @hosting @jobs @jobs @lists @login @logout @mine @news @organizations @plans @popular @projects @security @shop @signup @status @stories @styleguide @tour @translations @wiki
+
+- invalid usernames that don't 404 @README.md @CONTRIBUTING.md @500 @404 
+
+# Wide stuff
+
+mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
+
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+
+# Links
+
+Absolute go to domain: [/README.md](/README.md)
+
+Relative just break: [README.md](README.md).
+
+On GitHub 2015-01, existing files break to 406, and non existent ones to 404. Interesting.

long-chinese-commit-msg

@@ -0,0 +1,7 @@
+This file was created for the long Chinese commit message.
+
+Never modify it so it will always show on the tree.
+
+The message was generated with:
+
+    git commit -m `python -c 'print "长" * 255'`