|
1 | 1 | import * as common from '../common/index.mjs'; |
2 | 2 | import * as fixtures from '../common/fixtures.mjs'; |
3 | 3 | import { EOL } from 'node:os'; |
4 | | -import { strictEqual } from 'node:assert'; |
| 4 | +import { strictEqual, notStrictEqual, throws } from 'node:assert'; |
5 | 5 | import cp from 'node:child_process'; |
6 | 6 |
|
7 | 7 | // TODO(LiviaMedeiros): test on different platforms |
@@ -57,3 +57,35 @@ for (const tamperedUID of [0, 1, 999, 1000, 0n, 'gwak']) { |
57 | 57 |
|
58 | 58 | delete Object.prototype.execPath; |
59 | 59 | } |
| 60 | + |
| 61 | +for (const shellCommandArgument of ['-L && echo "tampered"']) { |
| 62 | + Object.prototype.shell = true; |
| 63 | + const cmd = 'pwd'; |
| 64 | + let cmdExitCode = ''; |
| 65 | + |
| 66 | + const program = cp.spawn(cmd, [shellCommandArgument], { cwd: expectedCWD }); |
| 67 | + program.stderr.on('data', common.mustCall()); |
| 68 | + program.stdout.on('data', common.mustNotCall()); |
| 69 | + |
| 70 | + program.on('exit', common.mustCall((code) => { |
| 71 | + notStrictEqual(code, 0); |
| 72 | + })); |
| 73 | + |
| 74 | + cp.execFile(cmd, [shellCommandArgument], { cwd: expectedCWD }, |
| 75 | + common.mustCall((err) => { |
| 76 | + notStrictEqual(err.code, 0); |
| 77 | + }) |
| 78 | + ); |
| 79 | + |
| 80 | + throws(() => { |
| 81 | + cp.execFileSync(cmd, [shellCommandArgument], { cwd: expectedCWD }); |
| 82 | + }, (e) => { |
| 83 | + notStrictEqual(e.status, 0); |
| 84 | + return true; |
| 85 | + }); |
| 86 | + |
| 87 | + cmdExitCode = cp.spawnSync(cmd, [shellCommandArgument], { cwd: expectedCWD }).status; |
| 88 | + notStrictEqual(cmdExitCode, 0); |
| 89 | + |
| 90 | + delete Object.prototype.shell; |
| 91 | +} |
0 commit comments