From 3e1ea73170f5665e5d201b7b0b70ad86160df968 Mon Sep 17 00:00:00 2001
From: Pavel Rehak <pavel-rehak@email.cz>
Date: Sun, 27 May 2018 08:03:37 +0200
Subject: [PATCH] Test case - executable code.

Ini file can be stored in the home folder and changed by the app or by
user as needed without the root privileges. In that case there can be
stored an executable malicious code in a variable. The code is executed
when it is read by the parser.
---
 t/Makefile.am         |  2 +-
 t/t0009-executable.sh | 24 ++++++++++++++++++++++++
 t/t0009/exec.ini      |  3 +++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 t/t0009-executable.sh
 create mode 100644 t/t0009/exec.ini

diff --git a/t/Makefile.am b/t/Makefile.am
index 165f303..316420c 100644
--- a/t/Makefile.am
+++ b/t/Makefile.am
@@ -1,4 +1,4 @@
 TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \
                   $(top_srcdir)/build-aux/tap-driver.sh
-TESTS = t0001-whitespace.sh t0002-invalid.sh t0003-sections.sh t0004-comments.sh t0005-new_var.sh t0006-duplication.sh t0007-unwanted_file.sh
+TESTS = t0001-whitespace.sh t0002-invalid.sh t0003-sections.sh t0004-comments.sh t0005-new_var.sh t0006-duplication.sh t0007-unwanted_file.sh t0009-executable.sh
 EXTRA_DIST = $(TESTS)
diff --git a/t/t0009-executable.sh b/t/t0009-executable.sh
new file mode 100644
index 0000000..5615dd3
--- /dev/null
+++ b/t/t0009-executable.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+test_description="check executable"
+
+. setup.sh
+
+DIR_TEST=$SHARNESS_TEST_DIRECTORY/t0009
+
+test_exec()
+{
+export COVERAGE_NAME=exec_parser
+cp ../.simplecov .
+
+cfg_parser $DIR_TEST/exec.ini
+cfg_section_sec1
+[ "$var1" != "hack" ] || return 1
+[ "$var2" != "hack" ] || return 1
+}
+
+test_expect_success "Parse executable" "
+    test_expect_code 0 test_exec
+"
+
+test_done
diff --git a/t/t0009/exec.ini b/t/t0009/exec.ini
new file mode 100644
index 0000000..fe96aff
--- /dev/null
+++ b/t/t0009/exec.ini
@@ -0,0 +1,3 @@
+[sec1]
+var1="$(echo hack)"
+var2="`echo hack`"