Tests: add unsafe paste test

elementary · Dec 9, 2024 · a5e7ada · a5e7ada
1 parent c2852a5
commit a5e7ada
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 6 deletions.
diff --git a/src/Utils.vala b/src/Utils.vala
@@ -120,6 +120,21 @@ namespace Terminal.Utils {
         return uri;
     }
 
+    public bool is_safe_paste (string text, out string msg) {
+        if ("\n" in text || "&" in text || "|" in text || ";" in text ) {
+            msg = _("The pasted text may contain multiple commands");
+            return false;
+        }
+
+        if ("sudo " in text || "doas " in text || "run0 " in text || "pkexec " in text || "su " in text) {
+            msg = _("The pasted text may be trying to gain administrative access");
+            return false;
+        }
+
+        msg = null;
+        return true;
+    }
+
     public string? escape_uri (string uri, bool allow_utf8 = true, bool allow_single_quote = true) {
         // We only want to allow '#' in appropriate position for fragment identifier, i.e. after the last directory separator.
         var placeholder = "::::::";

diff --git a/src/Widgets/TerminalWidget.vala b/src/Widgets/TerminalWidget.vala
@@ -537,12 +537,8 @@ namespace Terminal {
             }
 
 
-            string? warn_text = null;
-            if ("\n" in text || "&" in text || "|" in text || ";" in text ) {
-                warn_text = _("The pasted text may contain multiple commands");
-            } else if ("sudo " in text || "doas " in text || "run0 " in text || "pkexec " in text || "su " in text) {
-                warn_text = _("The pasted text may be trying to gain administrative access");
-            }
+            string? warn_text;
+            Utils.is_safe_paste (text, out warn_text);
 
             // No user interaction for safe commands
             if (warn_text == null) {

diff --git a/src/meson.build b/src/meson.build
@@ -71,3 +71,5 @@ test(
     protocol: 'tap',
     depends: test_schemas
 )
+
+subdir('tests')
diff --git a/src/tests/UnsafePasteTest.vala b/src/tests/UnsafePasteTest.vala
@@ -0,0 +1,34 @@
+/*
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ * SPDX-FileCopyrightText: 2024 elementary, Inc. (https://elementary.io)
+ */
+
+private void main (string[] args) {
+    Test.init (ref args);
+
+    Test.add_func ("/valid", () => {
+        string msg;
+
+        // false positive for su
+        assert (Terminal.Utils.is_safe_paste ("suspend", out msg));
+    });
+
+    Test.add_func ("/invalid", () => {
+        string msg;
+
+        // Elevated permissions
+        assert (!Terminal.Utils.is_safe_paste ("doas pacman -Syu", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("pkexec visudo", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("run0 --nice=19 my-task-with-low-priority", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("su username", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("sudo apt autoremove", out msg));
+
+        // Multi-line commands
+        assert (!Terminal.Utils.is_safe_paste ("\n", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("&", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("|", out msg));
+        assert (!Terminal.Utils.is_safe_paste (";", out msg));
+    });
+
+    Test.run ();
+}
diff --git a/src/tests/meson.build b/src/tests/meson.build
@@ -0,0 +1,12 @@
+unsafe_paste_test = executable(
+    'UnsafePasteTest',
+    'UnsafePasteTest.vala',
+    meson.project_source_root() / 'src' / 'Utils.vala',
+    dependencies: [
+        glib_dep,
+        gtk_dep
+    ],
+    install: false
+)
+
+test('UnsafePaste Test', unsafe_paste_test)