Customization/powerlevel10k
1
0
Fork 0
mirror of https://github.com/romkatv/powerlevel10k.git synced 2024-11-18 02:30:07 +00:00
Code Releases Activity

Add tests for branch name vulnerability

Browse source
This commit is contained in:
Dominik Ritter 2018-11-15 01:18:46 +01:00
parent 6085a74abf
commit 7bc5366af1
2 changed files with 23 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
test/segments/vcs-git.spec
View file

@ -490,4 +490,15 @@ function testDetectingUntrackedFilesInCleanSubdirectoryWorks() {
assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)" assertEquals "%K{002} %F{000} master ? %k%F{002}%f " "$(build_left_prompt)"
} }
function testBranchNameScriptingVulnerability() {
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
chmod +x evil_script.sh
git checkout -b "$(./evil_script.sh)" 2>/dev/null
git add . 2>/dev/null
git commit -m "Initial commit" >/dev/null
assertEquals "%K{002} %F{000} %f%F{000} \$(./evil_script.sh) %k%F{002}%f " "$(__p9k_build_left_prompt)"
}
source shunit2/shunit2 source shunit2/shunit2

13
test/segments/vcs-hg.spec
View file

@ -204,4 +204,15 @@ function testBookmarkIconWorks() {
assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)" assertEquals "%K{002} %F{000} default Binitial %k%F{002}%f " "$(build_left_prompt)"
} }
source shunit2/shunit2 function testBranchNameScriptingVulnerability() {
echo "#!/bin/sh\n\necho 'hacked'\n" > evil_script.sh
chmod +x evil_script.sh
hg branch '$(./evil_script.sh)' >/dev/null
hg add . >/dev/null
hg commit -m "Initial commit" >/dev/null
assertEquals "%K{002} %F{000} %f%F{000} \$(./evil_script.sh) %k%F{002}%f " "$(build_left_prompt)"
}
source shunit2/shunit2