Add test for reported vulnerabilities #13

Merged
merged 2 commits into from Jan 20, 2021
Add test for reported vulnerabilities
omrilotan committed Jan 20, 2021
commit 611823bd97dd41e9e8127c38066868ff9dcfa57a
1 change: 1 addition & 0 deletions .npmignore
@@ -1,3 +1,4 @@
.*
*.log
spec.js
vulnerabilities/*
1 change: 1 addition & 0 deletions package.json
@@ -33,6 +33,7 @@
"async-execute": "^1.1.0"
},
"devDependencies": {
"@lets/wait": "^2.0.2",
"@omrilotan/eslint-config": "^1.1.0",
"abuser": "^2.0.2",
"chai": "^4.2.0",
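--- a/vulnerabilities/spec.js
+++ b/vulnerabilities/spec.js
@@ -0,0 +1,46 @@
+const { promises: { access, unlink } } = require('fs');
+const wait = require('@lets/wait');
+const git = require('..');
+
+/**
+* Check if file exists
+* @param {string}
+* @returns {boolean}
+*/
+const exists = async path => {
+try {
+await access(path);
+return true;
+} catch {
+return false;
+}
+};
+
+/**
+* Fail silently and asynchronously
+* @param {function}
+* @param {...any}
+* @returns {any}
+*/
+async function softly(fn, ...args) {
+try {
+return await fn(...args);
+} catch (error) {
+// ignore
+}
+}
+
+describe('vulnerabilities', async() => {
+afterEach(async() => {
+await wait(100);
+await softly(unlink, 'HACKED');
+});
+it('shell injection in reset', async() => {
+await softly(git.reset, '; touch HACKED #');
+expect(await exists('HACKED')).to.be.false;
+});
+it('shell injection in tag', async() => {
+await softly(git.tag, '; touch HACKED #');
+expect(await exists('HACKED')).to.be.false;
+});
+});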
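Review bot: In both `it` cases the `expect(await exists('HACKED'))` check runs as soon as `softly(...)` settles, while the `wait(100)` that would let a late-finishing child process write the marker sits in `afterEach`, after the assertion. If the library's promise can settle before the spawned command finishes (not visible here), the test passes although the file appears; adding `await wait(100);` directly before each `expect` closes that window. Since `softly` discards every error, a call that fails for an unrelated reason also passes, so a control case asserting that `git.reset`/`git.tag` still work with a benign argument would keep these tests from passing vacuously. The marker path is relative to the process working directory, which presumably matches where the library runs its commands; a comment stating that assumption would help.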