pashage

Yet Another Opinionated Re-engineering of the Unix Password Store
git clone https://git.instinctive.eu/pashage.git
Log | Files | Refs | README | LICENSE
commit 72c3a951b130d62ab001145a33fe13d0c00383b5
parent 215f3b50a25626e038daf49713f9b22d5c4458ad
Author: Natasha Kerensikova <natgh@instinctive.eu>
Date:   Sun, 20 Oct 2024 09:40:54 +0000

Pass-like rejection of “sneaky” paths is tested
Diffstat:

Mspec/pass_spec.sh | 131+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


1 file changed, 131 insertions(+), 0 deletions(-)

diff --git a/spec/pass_spec.sh b/spec/pass_spec.sh
@@ -480,6 +480,18 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(setup_log)"
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      Skip if 'passage has no init' [ "$2" = passage ]
+      When run script $1 init --path fluff/../newdir new-id
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The directory "${PREFIX}/newdir" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'ls'
@@ -567,6 +579,16 @@ Describe 'Pass-like command'
       The output should be blank
       The error should equal 'Error: stale/ is not in the password store.'
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 subdir/../fluff/
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'find'
@@ -690,6 +712,16 @@ Describe 'Pass-like command'
       }
       The error should start with "$(expected_err)"
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 subdir/../fluff/one
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'grep'
@@ -876,6 +908,18 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(expected_log $3)"
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 insert -e fluff/../new-secret
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/new-secret.age" should not be exist
+      The file "${PREFIX}/new-secret.gpg" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'edit'
@@ -1105,6 +1149,17 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(setup_log)"
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      EDITOR=true
+      When run script $1 edit subdir/../stale
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'generate'
@@ -1304,6 +1359,18 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(expected_log $3)"
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 generate subdir/../new-secret
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/new-secret.age" should not be exist
+      The file "${PREFIX}/new-secret.gpg" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'rm'
@@ -1439,6 +1506,18 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(setup_log)"
     End
+
+    It 'rejects a path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 delete subdir/../fluff/one
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/fluff/one.age" should be exist
+      The file "${PREFIX}/fluff/one.gpg" should be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'mv'
@@ -1792,6 +1871,34 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(setup_log)"
     End
+
+    It 'rejects a source path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 mv fluff/../stale subdir/
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/stale.age" should be exist
+      The file "${PREFIX}/stale.gpg" should be exist
+      The file "${PREFIX}/subdir/stale.age" should not be exist
+      The file "${PREFIX}/subdir/stale.gpg" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
+
+    It 'rejects a destination path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 mv subdir/file extra/subdir/..
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/subdir/file.age" should be exist
+      The file "${PREFIX}/subdir/file.gpg" should be exist
+      The file "${PREFIX}/extra/file.age" should not be exist
+      The file "${PREFIX}/extra/file.gpg" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'cp'
@@ -2146,6 +2253,30 @@ Describe 'Pass-like command'
       The result of function git_log should be successful
       The contents of file "${GITLOG}" should equal "$(setup_log)"
     End
+
+    It 'rejects a source path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 cp fluff/../stale subdir/
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/subdir/stale.age" should not be exist
+      The file "${PREFIX}/subdir/stale.gpg" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
+
+    It 'rejects a destination path containing ..'
+      Skip if 'pass(age) needs bash' check_skip $2
+      When run script $1 cp subdir/file extra/subdir/..
+      The status should equal 1
+      The output should be blank
+      The error should include 'sneaky'
+      The file "${PREFIX}/extra/file.age" should not be exist
+      The file "${PREFIX}/extra/file.gpg" should not be exist
+      The result of function git_log should be successful
+      The contents of file "${GITLOG}" should equal "$(setup_log)"
+    End
   End
 
   Describe 'git'