Mercurial > dropbear
view test/test_svrauth.py @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Mar 2022 17:17:23 +0800 |
parents | |
children | 30fd047f6ebf |
line wrap: on
line source
from test_dropbear import * import signal import queue import socket import os from pathlib import Path # Tests for server side authentication # Requires keyfile and authorized_keys set up in github action build.yml @pytest.mark.skipif('DBTEST_IN_ACTION' not in os.environ, reason="DBTEST_PUBKEYINFO not set") def test_pubkeyinfo(request, dropbear): kf = str(Path.home() / ".ssh/id_dropbear_key2") r = dbclient(request, "-i", kf, "echo -n $SSH_PUBKEYINFO", capture_output=True) # stop at first space assert r.stdout.decode() == "key2" @pytest.mark.skipif('DBTEST_IN_ACTION' not in os.environ, reason="DBTEST_PUBKEYINFO not set") def test_pubkeyinfo_special(request, dropbear): kf = str(Path.home() / ".ssh/id_dropbear_key3") r = dbclient(request, "-i", kf, "echo -n $SSH_PUBKEYINFO", capture_output=True) # comment contains special characters so the SSH_PUBKEYINFO should not be set assert r.stdout.decode() == "" @pytest.mark.skipif('DBTEST_IN_ACTION' not in os.environ, reason="DBTEST_PUBKEYINFO not set") def test_pubkeyinfo_okchar(request, dropbear): kf = str(Path.home() / ".ssh/id_dropbear_key4") r = dbclient(request, "-i", kf, "echo -n $SSH_PUBKEYINFO", capture_output=True) # comment contains special characters so the SSH_PUBKEYINFO should not be set assert r.stdout.decode() == "key4,char"