#!/bin/sh
#
# rawhide - find files using pretty C expressions
# https://raf.org/rawhide
# https://github.com/raforg/rawhide
# https://codeberg.org/raforg/rawhide
#
# Copyright (C) 1990 Ken Stauffer, 2022-2023 raf <raf@raf.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <https://www.gnu.org/licenses/>.
#
# 20230609 raf <raf@raf.org>

. tests/.common

label="-x/-X %s/%S prevent shell command injection"

touch $d/"cmdinjtest; cd tests >&- 2>&-; cd .$t >&- 2>&-; echo 'oops! command injection succeeded' > cmdinjtest.out"

label2="-x %s"
count_test
$rh -e f -x 'file %s' $d >/dev/null
rc=$?

if [ -f $d/cmdinjtest.out ]
then
	echo "TEST $t fail ($label - $label2)"
	echo $d/cmdinjtest.out:
	cat $d/cmdinjtest.out
	count_fail
	errors=1
elif [ $rc != 0 ]
then
	echo "TEST $t fail ($label - $label2)"
	count_fail
	errors=1
else
	[ x"$quiet" = x1 ] || echo "TEST $t pass ($label - $label2)"
fi

label2="-x %S"
count_test
$rh -e f -x "file $d/%S" $d >/dev/null
rc=$?

if [ -f $d/cmdinjtest.out ]
then
	echo "TEST $t fail ($label - $label2)"
	echo $d/cmdinjtest.out:
	cat $d/cmdinjtest.out
	count_fail
	errors=1
elif [ $rc != 0 ]
then
	echo "TEST $t fail ($label - $label2)"
	count_fail
	errors=1
else
	[ x"$quiet" = x1 ] || echo "TEST $t pass ($label - $label2)"
fi

label2="-X %s"
count_test
$rh -e f -X "cd $saved_pwd && file %s" $d >/dev/null
rc=$?

if [ -f $d/cmdinjtest.out ]
then
	echo "TEST $t fail ($label - $label2)"
	echo $d/cmdinjtest.out:
	cat $d/cmdinjtest.out
	count_fail
	errors=1
elif [ $rc != 0 ]
then
	echo "TEST $t fail ($label - $label2)"
	count_fail
	errors=1
else
	[ x"$quiet" = x1 ] || echo "TEST $t pass ($label - $label2)"
fi

label2="-X %S"
count_test
$rh -e f -X 'file %S' $d >/dev/null
rc=$?

if [ -f $d/cmdinjtest.out ]
then
	echo "TEST $t fail ($label - $label2)"
	echo $d/cmdinjtest.out:
	cat $d/cmdinjtest.out
	count_fail
	errors=1
elif [ $rc != 0 ]
then
	echo "TEST $t fail ($label - $label2)"
	count_fail
	errors=1
else
	[ x"$quiet" = x1 ] || echo "TEST $t pass ($label - $label2)"
fi

finish

exit $errors

# vi:set ts=4 sw=4:
