Mercurial > vim
annotate src/testdir/test_ga.vim @ 33664:06b59278bfcf v9.0.2070
patch 9.0.2070: [security] disallow setting env in restricted mode
Commit: https://github.com/vim/vim/commit/6b89dd6a7257a1e2e9c7ea070b407bc4674a5118
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Oct 26 22:14:17 2023 +0200
patch 9.0.2070: [security] disallow setting env in restricted mode
Problem: [security] disallow setting env in restricted mode
Solution: Setting environment variables in restricted mode could
potentially be used to execute shell commands. Disallow this.
restricted mode: disable allow setting of environment variables
Setting environment variables in restricted mode, may have some unwanted
consequences. So, for example by setting $GCONV_PATH in restricted mode
and then calling the iconv() function, one may be able to execute some
unwanted payload, because the `iconv_open()` function internally uses
the `$GCONV_PATH` variable to find its conversion data.
So let's disable setting environment variables, even so this is no
complete protection, since we are not clearing the existing environment.
I tried a few ways but wasn't successful :(
One could also argue to disable the iconv() function completely in
restricted mode, but who knows what other API functions can be
influenced by setting some other unrelated environment variables.
So let's leave it as it is currently.
closes: #13394
See: https://huntr.com/bounties/b0a2eda1-459c-4e36-98e6-0cc7d7faccfe/
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Thu, 26 Oct 2023 22:30:03 +0200 |
| parents | 08940efa6b4e |
| children |
| rev | line source |
|---|---|
|
10799
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
1 " Test ga normal command, and :ascii Ex command. |
|
21765
08940efa6b4e
patch 8.2.1432: various inconsistencies in test files
Bram Moolenaar <Bram@vim.org>
parents:
20703
diff
changeset
|
2 |
|
10799
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
3 func Do_ga(c) |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
4 call setline(1, a:c) |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
5 let l:a = execute("norm 1goga") |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
6 let l:b = execute("ascii") |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
7 call assert_equal(l:a, l:b) |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
8 return l:a |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
9 endfunc |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
10 |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
11 func Test_ga_command() |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
12 new |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
13 set display=uhex |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
14 call assert_equal("\nNUL", Do_ga('')) |
|
13359
81c348d40312
patch 8.0.1553: cannot see what digraph is used to insert a character
Christian Brabandt <cb@256bit.org>
parents:
10799
diff
changeset
|
15 call assert_equal("\n<<01>> 1, Hex 01, Oct 001, Digr SH", Do_ga("\x01")) |
|
81c348d40312
patch 8.0.1553: cannot see what digraph is used to insert a character
Christian Brabandt <cb@256bit.org>
parents:
10799
diff
changeset
|
16 call assert_equal("\n<<09>> 9, Hex 09, Oct 011, Digr HT", Do_ga("\t")) |
|
10799
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
17 |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
18 set display= |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
19 call assert_equal("\nNUL", Do_ga('')) |
|
13359
81c348d40312
patch 8.0.1553: cannot see what digraph is used to insert a character
Christian Brabandt <cb@256bit.org>
parents:
10799
diff
changeset
|
20 call assert_equal("\n<^A> 1, Hex 01, Oct 001, Digr SH", Do_ga("\x01")) |
|
81c348d40312
patch 8.0.1553: cannot see what digraph is used to insert a character
Christian Brabandt <cb@256bit.org>
parents:
10799
diff
changeset
|
21 call assert_equal("\n<^I> 9, Hex 09, Oct 011, Digr HT", Do_ga("\t")) |
|
19231
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
22 call assert_equal("\n<^@> 0, Hex 00, Octal 000", Do_ga("\n")) |
|
10799
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
23 |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
24 call assert_equal("\n<e> 101, Hex 65, Octal 145", Do_ga('e')) |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
25 |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
26 " Test a few multi-bytes characters. |
|
13359
81c348d40312
patch 8.0.1553: cannot see what digraph is used to insert a character
Christian Brabandt <cb@256bit.org>
parents:
10799
diff
changeset
|
27 call assert_equal("\n<é> 233, Hex 00e9, Oct 351, Digr e'", Do_ga('é')) |
|
81c348d40312
patch 8.0.1553: cannot see what digraph is used to insert a character
Christian Brabandt <cb@256bit.org>
parents:
10799
diff
changeset
|
28 call assert_equal("\n<ẻ> 7867, Hex 1ebb, Oct 17273, Digr e2", Do_ga('ẻ')) |
|
20703
ce55e65d7e41
patch 8.2.0905: test coverage could be better
Bram Moolenaar <Bram@vim.org>
parents:
19231
diff
changeset
|
29 call assert_equal("\n<\U00012345> 74565, Hex 00012345, Octal 221505", Do_ga("\U00012345")) |
|
10799
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
30 |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
31 " Test with combining characters. |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
32 call assert_equal("\n<e> 101, Hex 65, Octal 145 < ́> 769, Hex 0301, Octal 1401", Do_ga("e\u0301")) |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
33 call assert_equal("\n<e> 101, Hex 65, Octal 145 < ́> 769, Hex 0301, Octal 1401 < ̱> 817, Hex 0331, Octal 1461", Do_ga("e\u0301\u0331")) |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
34 call assert_equal("\n<e> 101, Hex 65, Octal 145 < ́> 769, Hex 0301, Octal 1401 < ̱> 817, Hex 0331, Octal 1461 < ̸> 824, Hex 0338, Octal 1470", Do_ga("e\u0301\u0331\u0338")) |
|
19231
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
35 |
|
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
36 " When using Mac fileformat, CR instead of NL is used for line termination |
|
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
37 enew! |
|
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
38 set fileformat=mac |
|
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
39 call assert_equal("\n<^J> 10, Hex 0a, Oct 012, Digr NU", Do_ga("\r")) |
|
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
40 |
|
10799
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
41 bwipe! |
|
8c117418aea9
patch 8.0.0289: no test for "ga" and :ascii
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
42 endfunc |
|
19231
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
43 |
|
b8fd7364befd
patch 8.2.0174: various commands not completely tested
Bram Moolenaar <Bram@vim.org>
parents:
15607
diff
changeset
|
44 " vim: shiftwidth=2 sts=2 expandtab |