naj/scripts/tests/security_edge.sh
inx 593c5f8f7f
fix: critical patches for ssh signing, profile switching, and subdir support

This release addresses several critical issues discovered during E2E testing:

- **fix(exec):** Prevent crash in Exec Mode when using SSH signing.
  - Sanitizer now resets `gpg.format` to "openpgp" and `gpg.ssh.program` to "ssh-keygen" instead of empty strings (which caused Git to exit with code 128).
- **fix(switch):** Correctly replace active profile instead of appending.
  - Now cleans up existing Gosh include paths before adding the new one to prevent ambiguous identity resolution.
- **fix(core):** Support running Gosh from deep subdirectories.
  - Replaced manual `.git` folder check with `git rev-parse` to correctly detect repository root.
- **security:** Hardened Blind Injection defaults to align with Git 2.52+ strictness.
2026-01-28 15:56:54 +08:00

50 lines
No EOL
1.6 KiB
Bash
Executable file

#!/bin/bash
# --- Setup ---
GOSH_CMD="gosh" # Make sure it is built or aliased
BASE_DIR="/tmp/gosh_security_test"
UNSAFE_REPO="$BASE_DIR/root_owned_repo"

# 1. Initialize a repository owned by root (unsafe from the current user's point of view)
rm -rf "$BASE_DIR"
mkdir -p "$UNSAFE_REPO"
echo "[SETUP] Creating a repo owned by ROOT..."
# Create .git with sudo so that it is owned by root
sudo git init --quiet "$UNSAFE_REPO"
sudo touch "$UNSAFE_REPO/testfile"
# Give the current user read/write access to the directory (so it can be entered); .git stays owned by root
sudo chmod -R 777 "$UNSAFE_REPO"

echo "[TEST] Running 'gosh' in a dubious ownership repo..."
cd "$UNSAFE_REPO" || exit 1 # Abort if the test directory cannot be entered

# 2. Try to run gosh (expected to fail)
if $GOSH_CMD -l > /dev/null 2>&1; then
    # Note: gosh -l does not need a git repository, so it should succeed.
    # We need to test switch or exec, which require a git context.
    echo " (gosh list works, which is fine)"
fi

echo "Attempting to switch profile..."
# Capture the output
OUTPUT=$($GOSH_CMD testprofile 2>&1 || true)

# 3. Verify the result
if echo "$OUTPUT" | grep -q "fatal: detected dubious ownership"; then
    echo "✅ PASS: Gosh propagated Git's security error."
    echo " Git said: 'detected dubious ownership'"
    echo " Gosh refused to act."
elif echo "$OUTPUT" | grep -q "Not a git repository"; then
    echo "✅ PASS: Gosh treated it as invalid (Git rev-parse failed)."
else
    echo "❌ FAIL: Gosh tried to execute! This is dangerous."
    echo "Output was: $OUTPUT"
    exit 1
fi

# Cleanup (needs sudo because the folder is owned by root)
cd /tmp
sudo rm -rf "$BASE_DIR"
echo "🎉 Security verification complete."