MCPcopy Index your code
hub / github.com/filebrowser/filebrowser / TestRunCommandNoCredentialInjection

Function TestRunCommandNoCredentialInjection

auth/hook_test.go:26–56  ·  view source on GitHub ↗

TestRunCommandNoCredentialInjection ensures that attacker-controlled credentials submitted at the unauthenticated login endpoint cannot be injected into the hook command string. Credentials must only ever reach the hook through the USERNAME/PASSWORD environment variables, never via string substituti

(t *testing.T)

Source from the content-addressed store, hash-verified

24// hook through the USERNAME/PASSWORD environment variables, never via string
25// substitution into the command itself (CWE-78/CWE-88).
26func TestRunCommandNoCredentialInjection(t *testing.T) {
27 if runtime.GOOS == "windows" {
28 t.Skip("uses POSIX shell")
29 }
30
31 marker := filepath.Join(t.TempDir(), "pwned")
32
33 // The hook simply blocks. If the credential were ever interpolated into the
34 // command string and evaluated by a shell, the embedded `touch` would
35 // create the marker file.
36 script := writeHookScript(t, "echo hook.action=block\n")
37
38 a := &HookAuth{
39 Command: script,
40 Cred: hookCred{
41 Username: `"; touch ` + marker + `; #`,
42 Password: `$(touch ` + marker + `)`,
43 },
44 }
45
46 action, err := a.RunCommand()
47 if err != nil {
48 t.Fatalf("RunCommand returned error: %v", err)
49 }
50 if action != "block" {
51 t.Fatalf("expected action %q, got %q", "block", action)
52 }
53 if _, err := os.Stat(marker); err == nil {
54 t.Fatalf("credential injection executed: marker file %q was created", marker)
55 }
56}
57
58// TestRunCommandReceivesCredentialsViaEnv verifies the supported contract: the
59// hook receives credentials through the USERNAME and PASSWORD environment

Callers

nothing calls this directly

Calls 3

RunCommandMethod · 0.95
writeHookScriptFunction · 0.85
StatMethod · 0.45

Tested by

no test coverage detected