Merge pull request #1074 from dritter/add_vcs_vulnerability_tests_master

Add vcs vulnerability tests master
Dominik Ritter 2018-11-17 01:30:08 +01:00 committed by GitHub
commit 67fd577217
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 1 deletions


@ -490,4 +490,17 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() {
assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)"
}
function testBranchNameScriptingVulnerability() {
local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS
POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs)
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
chmod +x evil_script.sh
git checkout -b '$(./evil_script.sh)' 2>/dev/null
git add . 2>/dev/null
git commit -m "Initial commit" >/dev/null
assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)"
}
source shunit2/shunit2
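Review bot: The assertion in testBranchNameScriptingVulnerability only inspects the text returned by build_left_prompt, so it would miss a case where the branch name is evaluated but its output never reaches the prompt string, since evil_script.sh does nothing except print 'hacked'. Having the script leave a marker, e.g. `echo "#!/bin/sh\n\ntouch executed.marker\n" > evil_script.sh`, and adding `assertFalse "branch name was executed" "[ -e executed.marker ]"` after the assertEquals would pin the no-execution property directly. The same applies to the Mercurial test of the same name in the second file. Only the `$( )` form is exercised here; whether backticks or `%` prompt escapes in a branch name are handled is not visible from this hunk and may deserve separate cases.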


@ -204,4 +204,17 @@ function testBookmarkIconWorks() {
assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)"
}
function testBranchNameScriptingVulnerability() {
local -a POWERLEVEL9K_LEFT_PROMPT_ELEMENTS
POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vcs)
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
chmod +x evil_script.sh
hg branch '$(./evil_script.sh)' >/dev/null
hg add . >/dev/null
hg commit -m "Initial commit" >/dev/null
assertEquals '%K{002} %F{000} $(./evil_script.sh) %k%F{002}%f ' "$(build_left_prompt)"
}
source shunit2/shunit2
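Review bot: The three setup commands (`hg branch`, `hg add`, `hg commit`) are not checked, so if Mercurial refuses the branch name or the commit fails, the test fails at assertEquals with a prompt diff that looks like a regression in the vcs segment. A guard such as `hg branch '$(./evil_script.sh)' >/dev/null || fail "could not create test branch"` would separate a setup failure from the property under test. The git variant in the first file has the same gap and additionally discards stderr with `2>/dev/null`, which hides the reason for any failure.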