1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
mnv9script
CheckExecutable tar
CheckNotMSWindows
runtime plugin/tarPlugin.mnv
def CopyFile(source: string)
if !filecopy($"samples/{source}", "X.tar")
assert_report($"Can't copy samples/{source}")
endif
enddef
def g:Test_tar_basic()
CopyFile("sample.tar")
defer delete("X.tar")
defer delete("./testtar", 'rf')
e X.tar
### Check header
assert_match('^" tar\.mnv version v\d\+', getline(1))
assert_match('^" Browsing tarfile .*/X.tar', getline(2))
assert_match('^" Select a file with cursor and press ENTER, "x" to extract a file', getline(3))
assert_match('^$', getline(4))
assert_match('testtar/', getline(5))
assert_match('testtar/file1.txt', getline(6))
### Check ENTER on header
:1
exe ":normal \<cr>"
assert_equal("X.tar", @%)
### Check ENTER on file
:6
exe ":normal \<cr>"
assert_equal("tarfile::testtar/file1.txt", @%)
### Check editing file
### Note: deleting entries not supported on BSD
if has("mac")
return
endif
if has("bsd")
return
endif
s/.*/some-content/
assert_equal("some-content", getline(1))
w!
assert_equal("tarfile::testtar/file1.txt", @%)
bw!
close
bw!
e X.tar
:6
exe "normal \<cr>"
assert_equal("some-content", getline(1))
bw!
close
### Check extracting file
:5
normal x
assert_true(filereadable("./testtar/file1.txt"))
bw!
enddef
def g:Test_tar_evil()
CopyFile("evil.tar")
defer delete("X.tar")
defer delete("./etc", 'rf')
e X.tar
### Check header
assert_match('^" tar\.mnv version v\d\+', getline(1))
assert_match('^" Browsing tarfile .*/X.tar', getline(2))
assert_match('^" Select a file with cursor and press ENTER, "x" to extract a file', getline(3))
assert_match('^" Note: Path Traversal Attack detected', getline(4))
assert_match('^$', getline(5))
assert_match('/etc/ax-pwn', getline(6))
### Check ENTER on header
:1
exe ":normal \<cr>"
assert_equal("X.tar", @%)
assert_equal(1, b:leading_slash)
### Check ENTER on file
:6
exe ":normal \<cr>"
assert_equal(1, b:leading_slash)
assert_equal("tarfile::/etc/ax-pwn", @%)
### Check editing file
### Note: deleting entries not supported on BSD
if has("mac")
return
endif
if has("bsd")
return
endif
s/.*/none/
assert_equal("none", getline(1))
w!
assert_equal(1, b:leading_slash)
assert_equal("tarfile::/etc/ax-pwn", @%)
bw!
close
bw!
# Writing was aborted
e X.tar
assert_match('^" Note: Path Traversal Attack detected', getline(4))
:6
exe "normal \<cr>"
assert_equal("something", getline(1))
bw!
close
### Check extracting file
:5
normal x
assert_true(filereadable("./etc/ax-pwn"))
bw!
enddef
def g:Test_tar_path_traversal_with_nowrapscan()
CopyFile("evil.tar")
defer delete("X.tar")
# Make sure we still find the tar warning (or leading slashes) even when
# wrapscan is off
set nowrapscan
e X.tar
### Check header
assert_match('^" tar\.mnv version v\d\+', getline(1))
assert_match('^" Browsing tarfile .*/X.tar', getline(2))
assert_match('^" Select a file with cursor and press ENTER, "x" to extract a file', getline(3))
assert_match('^" Note: Path Traversal Attack detected', getline(4))
assert_match('^$', getline(5))
assert_match('/etc/ax-pwn', getline(6))
assert_equal(1, b:leading_slash)
bw!
enddef
|
