ikiwiki/t
Simon McVittie 4729ff0812 Exclude working directory from library path (CVE-2016-1238)
Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.

Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.

In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
2016-07-28 09:50:21 +01:00
..
basewiki_brokenlinks
img img: restrict to JPEG, PNG and GIF images by default 2016-05-05 23:43:50 +01:00
parentlinks/templates
tinyblog
tinypodcast
404.t
add_depends.t
autoindex-committed.t Mark a few straggling test scripts +x. 2015-08-18 07:31:29 -04:00
autoindex.t
basename.t
basewiki_brokenlinks.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
bazaar.t
beautify_urlpath.t
bestlink.t
calculate_changed_links.t
cmp_path.t
comments.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
conflicts.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
crazy-badass-perl-bug.t
cvs.t Wrapper: allocate new environment dynamically 2016-05-11 09:18:14 +01:00
dirname.t
file_pruned.t
find_src_files.t
git.t Add a test for unconfigured git identity 2015-11-30 20:46:58 +00:00
htmlbalance.t
htmlize.t
img.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
index.t
inline.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
libdirs.t
linkify.t
linkpage.t
map.t
mercurial.t
meta.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
openiduser.t
pagename.t
pagespec_match.t
pagespec_match_list.t
pagespec_match_result.t
pagetitle.t
parentlinks.t tests: consistently use done_testing instead of no_plan 2015-11-30 18:26:23 +00:00
permalink.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
po.t
podcast.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
preprocess.t
prune.t
readfile.t
relativity.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
renamepage.t
rssurls.t
rst.t
svn.t
syntax.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
syslog.t Don't fail to syslog if the wiki name contains %s 2016-01-21 07:33:41 +00:00
tag.t
template_syntax.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
templatebody.t
templates_documented.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
test1.mdwn
test2.mdwn
test3.mdwn
textile-double-escape-bug.t
titlepage.t
trail.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
urlto.t
wellformed.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
wrapper-environ.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
yesno.t