Add tests for branch name vulnerability

pull/22/head
Dominik Ritter 6 years ago
parent 6085a74abf
commit 7bc5366af1

@ -490,4 +490,15 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() {
assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)" assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)"
} }
function testBranchNameScriptingVulnerability() {
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
chmod +x evil_script.sh
git checkout -b "$(./evil_script.sh)" 2>/dev/null
git add . 2>/dev/null
git commit -m "Initial commit" >/dev/null
assertEquals "%K{002} %F{000} %f%F{000} \$(./evil_script.sh) %k%F{002}%f " "$(__p9k_build_left_prompt)"
}
source shunit2/shunit2 source shunit2/shunit2
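Review bot: The double quotes in `git checkout -b "$(./evil_script.sh)"` let the test's own shell run the command substitution, so git receives the script's output (`hacked`) as the branch name and the payload text never reaches the prompt code. Single quotes, as the Mercurial test in this commit uses, keep it literal: `git checkout -b '$(./evil_script.sh)' 2>/dev/null`. The `2>/dev/null` on that line also hides a failed checkout, so the assertion could run against the wrong branch with no hint as to why. This test calls `__p9k_build_left_prompt` while the context line above it calls `build_left_prompt`; it is worth confirming which name this file actually defines.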

@ -204,4 +204,15 @@ function testBookmarkIconWorks() {
assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)" assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)"
} }
function testBranchNameScriptingVulnerability() {
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
chmod +x evil_script.sh
hg branch '$(./evil_script.sh)' >/dev/null
hg add . >/dev/null
hg commit -m "Initial commit" >/dev/null
assertEquals "%K{002} %F{000} %f%F{000} \$(./evil_script.sh) %k%F{002}%f " "$(build_left_prompt)"
}
source shunit2/shunit2 source shunit2/shunit2
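Review bot: The assertion after `hg commit` only shows that the string returned by `build_left_prompt` still holds the literal `$(./evil_script.sh)`; it cannot tell whether the script would run when that string is later rendered, if the prompt is displayed with prompt substitution enabled (not visible in this hunk). Because the script only echoes, an execution outside the captured string leaves no trace. Having it write a marker file and asserting the file is absent after rendering would pin the behaviour, e.g. `echo "#!/bin/sh\n\ntouch marker_file\n" > evil_script.sh` and `assertFalse "[ -e marker_file ]"` (`marker_file` is a constructed name). The same applies to the git test of the same name.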