[devscripts] 01/09: Add test for code execution when cleaning up "dirty" tarball
James McCoy
jamessan at debian.org
Mon Dec 23 20:46:19 UTC 2013
This is an automated email from the git hooks/post-receive script.
jamessan pushed a commit to branch master
in repository devscripts.
commit 89d0888eb2f3f6625a3f58bf54bc5e9bbc69d090
Author: James McCoy <jamessan at debian.org>
Date: Fri Dec 13 21:51:49 2013 -0500
Add test for code execution when cleaning up "dirty" tarball
Signed-off-by: James McCoy <jamessan at debian.org>
---
test/test_uscan | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/test/test_uscan b/test/test_uscan
index aa8ccf7..30f98b0 100755
--- a/test/test_uscan
+++ b/test/test_uscan
@@ -69,21 +69,24 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Files-Excluded: exclude-this
END
- mkdir -p $TMPDIR/repo/$PKG
- touch $TMPDIR/repo/$PKG/include-this
- touch $TMPDIR/repo/$PKG/exclude-this
+ mkdir -p $TMPDIR/repo
+ touch $TMPDIR/repo/include-this
+ touch $TMPDIR/repo/exclude-this
+ mkdir -p "$TMPDIR/repo/; echo baz; #/"
( cd $TMPDIR/repo ;
- tar cfz $PKG-1.tar.gz $PKG ;
+ tar cfz $PKG-1.tar.gz * ;
python -m SimpleHTTPServer $PORT &
echo $! > pid )
- ( cd $TMPDIR/$PKG ; $COMMAND )
+ OUTPUT=$( (cd $TMPDIR/$PKG ; $COMMAND) | grep baz)
TARBALL=${PKG}_1+dfsg.orig.tar.gz
assertTrue 'pristine tarball is not created' "[ -f $TMPDIR/$TARBALL ]"
assertNull 'file that must be excluded is present in the tarball' \
"$( tar tzf $TMPDIR/$TARBALL | grep exclude-this )"
+ # 731849
+ assertNull 'dirty root directory allowed command execution' "$OUTPUT"
cleanup
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git
More information about the devscripts-devel
mailing list