ikiwiki/t
Simon McVittie 4729ff0812 Exclude working directory from library path (CVE-2016-1238)
Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.

Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.

In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
2016-07-28 09:50:21 +01:00
..
basewiki_brokenlinks fix to use prefix directives 2008-12-23 16:56:56 -05:00
img img: restrict to JPEG, PNG and GIF images by default 2016-05-05 23:43:50 +01:00
parentlinks/templates pedigree rename to parentlinks: rename/adapt everything 2008-07-15 16:25:39 +02:00
tinyblog fix to use prefix directives 2008-12-23 16:55:33 -05:00
tinypodcast When inlining HTML pages, render enclosures. 2013-02-19 20:22:47 -05:00
404.t rename apache404 -> 404 2009-01-31 19:26:36 -05:00
add_depends.t fix test cases for dynamic influence calculation 2010-04-22 00:07:25 -04:00
autoindex-committed.t Mark a few straggling test scripts +x. 2015-08-18 07:31:29 -04:00
autoindex.t Allow creation of transient index pages for directories outside srcdir 2014-07-04 09:25:09 +01:00
basename.t add 2006-05-02 21:15:39 +00:00
basewiki_brokenlinks.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
bazaar.t t/bazaar.t: Work around bzr 2.2.0's new requirement to configure bzr whoami before committing. 2010-08-30 15:23:22 -04:00
beautify_urlpath.t add another test 2008-12-21 12:59:11 -05:00
bestlink.t fix test suite after bestlink change 2009-11-30 18:05:47 -05:00
calculate_changed_links.t Add a unit test for changed-link calculation 2010-04-04 01:20:02 +01:00
cmp_path.t Add path and path_natural sort orders 2011-12-06 14:26:34 -04:00
comments.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
conflicts.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
crazy-badass-perl-bug.t the underlying perl bug that this test case checks a workaround for has now been fixed 2011-05-31 16:21:58 -04:00
cvs.t Wrapper: allocate new environment dynamically 2016-05-11 09:18:14 +01:00
dirname.t add 2006-05-02 21:15:39 +00:00
file_pruned.t remove 2 argument form of file_pruned 2010-04-20 14:08:29 -04:00
find_src_files.t fix test count 2010-05-05 18:32:48 -04:00
git.t Add a test for unconfigured git identity 2015-11-30 20:46:58 +00:00
htmlbalance.t use HTML::Entities 2008-11-17 14:27:11 -05:00
htmlize.t fix test suite to work with discount 2012-01-01 17:28:31 -04:00
img.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
index.t remove test for page state saved for disabled plugin 2013-11-16 12:43:46 -04:00
inline.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
libdirs.t Add regression test for libdir/libdirs 2014-12-09 22:54:26 +00:00
linkify.t fix test to support rel= 2008-05-30 17:12:32 -04:00
linkpage.t Export pagetitle, titlepage, linkpage. 2008-09-27 14:27:42 -04:00
map.t avoid running test if xml::twig is not installed 2013-05-09 10:46:25 -04:00
mercurial.t clean up messages about unavailable vcs programs 2010-06-25 00:30:12 -04:00
meta.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
openiduser.t pretty openid login 2010-05-07 20:14:25 -04:00
pagename.t Add noextension parameter to htmlize hooks to support, eg, Makefile. 2009-02-19 18:38:45 -05:00
pagespec_match.t Fix test suite failure on other side of date line. 2010-09-29 11:58:45 -04:00
pagespec_match_list.t Add path and path_natural sort orders 2011-12-06 14:26:34 -04:00
pagespec_match_result.t fix some broken influence blocking testing, add more tests 2009-10-13 14:58:22 -04:00
pagetitle.t Export pagetitle, titlepage, linkpage. 2008-09-27 14:27:42 -04:00
parentlinks.t tests: consistently use done_testing instead of no_plan 2015-11-30 18:26:23 +00:00
permalink.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
po.t Fix test suite to work with perl 5.18. Closes: #719969 2013-08-30 22:43:02 -04:00
podcast.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
preprocess.t added test cases for heredoc and triple-single. 2011-05-13 11:24:16 -04:00
prune.t prune: do not prune beyond an optional base directory, and add a test 2012-04-07 17:52:29 +01:00
readfile.t * Work on firming up the plugin interface: 2006-09-09 22:50:27 +00:00
relativity.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
renamepage.t revert renamepage's hook original name 2009-01-27 00:00:00 +01:00
rssurls.t add test case for RSS url munging 2010-11-16 16:48:42 -04:00
rst.t extend rst test to cover a fixed bug 2014-09-14 15:47:42 +01:00
svn.t clean up messages about unavailable vcs programs 2010-06-25 00:30:12 -04:00
syntax.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
syslog.t Don't fail to syslog if the wiki name contains %s 2016-01-21 07:33:41 +00:00
tag.t get rid of diag explain again 2011-03-04 11:23:10 -04:00
template_syntax.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
templatebody.t Add templatebody plugin and directive, and enable it by default 2014-03-05 10:42:19 +00:00
templates_documented.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
test1.mdwn * -CSD does not affect modules, so readfile() was not using the utf-8 input 2006-06-15 06:37:33 +00:00
test2.mdwn add a testcase for the weird markdown utf-8 crasher to make sure that 2006-06-16 04:56:25 +00:00
test3.mdwn FUCK UTF8 fuck fuck fuck!!! 2006-07-02 03:54:12 +00:00
textile-double-escape-bug.t textile-double-escape-bug.t: tolerate any valid encoding 2015-01-06 00:28:18 +00:00
titlepage.t Export pagetitle, titlepage, linkpage. 2008-09-27 14:27:42 -04:00
trail.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
urlto.t Avoid mixed content when cgiurl is https but url is not 2014-10-05 23:49:37 +01:00
wellformed.t Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
wrapper-environ.t Exclude working directory from library path (CVE-2016-1238) 2016-07-28 09:50:21 +01:00
yesno.t conditional: use yesno 2009-10-09 12:54:35 -04:00