mirror of
https://github.com/romkatv/powerlevel10k.git
synced 2024-12-12 19:18:28 +02:00
Add tests for branch name vulnerability
This commit is contained in:
parent
6085a74abf
commit
7bc5366af1
@ -490,4 +490,15 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() {
|
||||
assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)"
|
||||
}
|
||||
|
||||
function testBranchNameScriptingVulnerability() {
|
||||
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
|
||||
chmod +x evil_script.sh
|
||||
|
||||
git checkout -b "$(./evil_script.sh)" 2>/dev/null
|
||||
git add . 2>/dev/null
|
||||
git commit -m "Initial commit" >/dev/null
|
||||
|
||||
assertEquals "%K{002} %F{000} %f%F{000} \$(./evil_script.sh) %k%F{002}%f " "$(__p9k_build_left_prompt)"
|
||||
}
|
||||
|
||||
source shunit2/shunit2
|
||||
|
@ -204,4 +204,15 @@ function testBookmarkIconWorks() {
|
||||
assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)"
|
||||
}
|
||||
|
||||
source shunit2/shunit2
|
||||
function testBranchNameScriptingVulnerability() {
|
||||
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
|
||||
chmod +x evil_script.sh
|
||||
|
||||
hg branch '$(./evil_script.sh)' >/dev/null
|
||||
hg add . >/dev/null
|
||||
hg commit -m "Initial commit" >/dev/null
|
||||
|
||||
assertEquals "%K{002} %F{000} %f%F{000} \$(./evil_script.sh) %k%F{002}%f " "$(build_left_prompt)"
|
||||
}
|
||||
|
||||
source shunit2/shunit2
|
||||
|
Loading…
Reference in New Issue
Block a user