author | Dominik Ritter <dritter03@googlemail.com> | 2018-11-17 03:30:08 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-17 03:30:08 +0300 |
commit | 67fd57721773e8fbcd1da96e374e7116056a86db (patch) | |
tree | c4d6be4ce2ad28f56e28fba9dce6eefb878a522b /test | |
parent | 6085a74abf0d6d34fbf39865495f13fbbf535a12 (diff) | |
parent | a72a82b4b1641cde227a403add758d49c2782914 (diff) |
Merge pull request #1074 from dritter/add_vcs_vulnerability_tests_master
Add vcs vulnerability tests master
Diffstat (limited to 'test')
-rwxr-xr-x | test/segments/vcs-git.spec | 13 | ||||
-rwxr-xr-x | test/segments/vcs-hg.spec | 15 |
2 files changed, 27 insertions, 1 deletions
diff --git a/test/segments/vcs-git.spec b/test/segments/vcs-git.spec
index 17a277fb..ab2962c8 100755
--- a/test/segments/vcs-git.spec
+++ b/test/segments/vcs-git.spec
@@ -490,4 +490,17 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() {
 assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)"
 }
 
+function testBranchNameScriptingVulnerability() {
+ local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS
+ POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs)
+ echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
+ chmod +x evil_script.sh
+
+ git checkout -b '$(./evil_script.sh)' 2>/dev/null
+ git add . 2>/dev/null
+ git commit -m "Initial commit" >/dev/null
+
+ assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)"
+}
+
 source shunit2/shunit2
diff --git a/test/segments/vcs-hg.spec b/test/segments/vcs-hg.spec
index 2903f544..c4289cef 100755
--- a/test/segments/vcs-hg.spec
+++ b/test/segments/vcs-hg.spec
@@ -204,4 +204,17 @@ function testBookmarkIconWorks() {
 assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)"
 }
 
-source shunit2/shunit2
\ No newline at end of file
+function testBranchNameScriptingVulnerability() {
+ local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS
+ POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs)
+ echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
+ chmod +x evil_script.sh
+
+ hg branch '$(./evil_script.sh)' >/dev/null
+ hg add . >/dev/null
+ hg commit -m "Initial commit" >/dev/null
+
+ assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)"
+}
+
+source shunit2/shunit2 |
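Review bot: The `assertEquals` in `testBranchNameScriptingVulnerability` compares only the text returned by `build_left_prompt`, so a regression that executes the branch name but discards or redirects its output would still pass; this applies to the identical test added in both `test/segments/vcs-git.spec` and `test/segments/vcs-hg.spec`. Giving the helper script an observable side effect and asserting its absence would close that gap: have `evil_script.sh` also run `touch executed.marker`, and add `assertFalse 'branch name was executed' '[ -e executed.marker ]'` after the `assertEquals`. The `2>/dev/null` on `git checkout -b` and `git add .` hides a failed setup, which would then surface only as a confusing prompt mismatch. A short comment above each test saying that the branch name must appear literally in the prompt and never be expanded would also help, since the fixture setup and teardown are outside these hunks.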