(t *testing.T)
| 138 | } |
| 139 | |
| 140 | func TestSubsystem(t *testing.T) { |
| 141 | backend := &dummyBackend{} |
| 142 | session := &sessionHandler{ |
| 143 | config: config.SecurityConfig{}, |
| 144 | backend: backend, |
| 145 | sshConnection: &sshConnectionHandler{ |
| 146 | lock: &sync.Mutex{}, |
| 147 | }, |
| 148 | logger: log.NewTestLogger(t), |
| 149 | } |
| 150 | |
| 151 | session.config.Subsystem.Mode = config.ExecutionPolicyDisable |
| 152 | assert.Error(t, session.OnSubsystem(1, "sftp")) |
| 153 | |
| 154 | session.config.Subsystem.Mode = config.ExecutionPolicyFilter |
| 155 | assert.Error(t, session.OnSubsystem(1, "sftp")) |
| 156 | session.config.Subsystem.Allow = []string{"sftp"} |
| 157 | assert.NoError(t, session.OnSubsystem(1, "sftp")) |
| 158 | |
| 159 | session.config.Subsystem.Mode = config.ExecutionPolicyEnable |
| 160 | session.config.Subsystem.Allow = []string{} |
| 161 | assert.NoError(t, session.OnSubsystem(1, "sftp")) |
| 162 | session.config.Subsystem.Deny = []string{"sftp"} |
| 163 | assert.Error(t, session.OnSubsystem(1, "sftp")) |
| 164 | |
| 165 | session.config.Subsystem.Mode = config.ExecutionPolicyEnable |
| 166 | backend.commandsExecuted = []string{} |
| 167 | session.config.Subsystem.Deny = []string{} |
| 168 | backend.env = map[string]string{} |
| 169 | assert.NoError(t, session.OnSubsystem(1, "sftp")) |
| 170 | assert.Equal(t, []string{"sftp"}, backend.commandsExecuted) |
| 171 | assert.Equal(t, map[string]string{}, backend.env) |
| 172 | |
| 173 | session.config.Subsystem.Mode = config.ExecutionPolicyEnable |
| 174 | session.config.ForceCommand = "/bin/wrapper" |
| 175 | backend.commandsExecuted = []string{} |
| 176 | session.config.Subsystem.Deny = []string{} |
| 177 | backend.env = map[string]string{} |
| 178 | assert.NoError(t, session.OnSubsystem(1, "sftp")) |
| 179 | assert.Equal(t, []string{"/bin/wrapper"}, backend.commandsExecuted) |
| 180 | assert.Equal(t, map[string]string{"SSH_ORIGINAL_COMMAND": "sftp"}, backend.env) |
| 181 | } |
| 182 | |
| 183 | // region Dummy backend |
| 184 | type dummyBackend struct { |
nothing calls this directly
no test coverage detected