diff options
Diffstat (limited to 'test/segments/vcs-git.spec')
| -rwxr-xr-x | test/segments/vcs-git.spec | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/test/segments/vcs-git.spec b/test/segments/vcs-git.spec index 17a277fb..ab2962c8 100755 --- a/test/segments/vcs-git.spec +++ b/test/segments/vcs-git.spec @@ -490,4 +490,17 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() { assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)" } +function testBranchNameScriptingVulnerability() { + local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS + POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs) + echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh + chmod +x evil_script.sh + + git checkout -b '$(./evil_script.sh)' 2>/dev/null + git add . 2>/dev/null + git commit -m "Initial commit" >/dev/null + + assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)" +} + source shunit2/shunit2 |