Diffstat (limited to 'src/testdir')
| -rw-r--r-- | src/testdir/samples/evil.zip | bin | 148 -> 413 bytes | |||
| -rw-r--r-- | src/testdir/test_plugin_zip.vim | 22 |
2 files changed, 22 insertions, 0 deletions
diff --git a/src/testdir/samples/evil.zip b/src/testdir/samples/evil.zip
Binary files differ
index e0a7f96141..17cffadf93 100644
--- a/src/testdir/samples/evil.zip
+++ b/src/testdir/samples/evil.zip
diff --git a/src/testdir/test_plugin_zip.vim b/src/testdir/test_plugin_zip.vim
index 08f8223b60..53b6120834 100644
--- a/src/testdir/test_plugin_zip.vim
+++ b/src/testdir/test_plugin_zip.vim
@@ -274,3 +274,25 @@ def g:Test_zip_fname_evil_path()
 assert_match('zipfile://.*::etc/ax-pwn', @%)
 bw
 enddef
+
+def g:Test_zip_fname_evil_path2()
+ CheckNotMSWindows
+ # needed for writing the zip file
+ CheckExecutable zip
+
+ CopyZipFile("evil.zip")
+ defer delete("X.zip")
+ e X.zip
+
+ :1
+ var fname = 'foobar'
+ search('\V' .. fname)
+ exe "normal \<cr>"
+ normal x
+ assert_false(filereadable('/tmp/foobar'))
+ :w
+ var mess = execute(':mess')
+ assert_match('Path Traversal Attack', mess)
+ assert_match('zipfile://.*::.*tmp/foobar', @%)
+ bw!
+enddef |
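Review bot: In Test_zip_fname_evil_path2 the only check that nothing landed outside the archive, `assert_false(filereadable('/tmp/foobar'))`, runs before `:w`, so the test never verifies that the write itself was stopped. Repeating that assertion after `:w` would pin the security property rather than only the warning text. The match on `execute(':mess')` reads the whole message history, so a 'Path Traversal Attack' line left by an earlier test (possibly Test_zip_fname_evil_path just above, whose body is outside the hunk) could satisfy it; a `:messages clear` before `:w` would scope the check to this write. The fixed path `/tmp/foobar` also makes the pre-write assertion fail on any machine where that file already exists.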
