This repository has been archived by the owner on Apr 24, 2020. It is now read-only.

Merge pull request #1074 from dritter/add_vcs_vulnerability_tests_master
Add vcs vulnerability tests master
dritter committed Nov 17, 2018
2 parents 6085a74 + a72a82b commit 67fd577
Showing 2 changed files with 27 additions and 1 deletion.
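--- a/test/segments/vcs-git.spec
+++ b/test/segments/vcs-git.spec
@@ -490,4 +490,17 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() {
 assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)"
 }
 
+function testBranchNameScriptingVulnerability() {
+local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS
+POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs)
+echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
+chmod +x evil_script.sh
+
+git checkout -b '$(./evil_script.sh)' 2>/dev/null
+git add . 2>/dev/null
+git commit -m "Initial commit" >/dev/null
+
+assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)"
+}
+
 source shunit2/shunit2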
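Review bot: The `assertEquals` at the end of `testBranchNameScriptingVulnerability` can only notice the payload running if its stdout ends up in the string returned by `build_left_prompt`; a code path that evaluates the branch name and discards the output would still pass. Giving the script a side effect and asserting its absence makes the check independent of where the output goes, for example by having `evil_script.sh` run `touch payload_ran` and adding `assertFalse "branch name was executed" "[ -e payload_ran ]"` after the existing assertion. A one-line comment above the assertion, such as `# the branch name must reach the prompt as literal text, never evaluated`, would also tell the next maintainer what the single-quoted expected string proves. The same strengthening applies to the identical test added to test/segments/vcs-hg.spec.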
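--- a/test/segments/vcs-hg.spec
+++ b/test/segments/vcs-hg.spec
@@ -204,4 +204,17 @@ function testBookmarkIconWorks() {
 assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)"
 }
 
-source shunit2/shunit2
+function testBranchNameScriptingVulnerability() {
+local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS
+POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs)
+echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
+chmod +x evil_script.sh
+
+hg branch '$(./evil_script.sh)' >/dev/null
+hg add . >/dev/null
+hg commit -m "Initial commit" >/dev/null
+
+assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)"
+}
+
+source shunit2/shunit2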
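Review bot: The fixture line `echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh` depends on the running shell's `echo` expanding `\n`. Presumably these specs run under zsh, where that is the default, but with an `echo` that leaves escapes alone the file becomes one line with a broken shebang, and the test would then pass without a runnable payload ever existing. Writing the fixture with `printf '#!/bin/sh\n\necho hacked\n' > evil_script.sh` produces an equivalent script regardless of `echo` behaviour. The git variant in test/segments/vcs-git.spec contains the same line.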
