def test_null(self): """Anything maybe using C strings MIGHT screw up ASCII NUL """ assert scary(b"\0") assert scary(b"\0b") assert scary(b"a\0b") assert scary(b"a\0")
def test_empty(self): """Empty variables can combine in surprising ways in shell and occur in a huge number of ways, intentional or not. So this is one of the first things to check. """ assert scary(b'')
def test_question_mark(self): assert scary(b'?')
def test_variable_expansion(self): """prevent second-pass substitution of variable etc. """ assert scary(b'$HOME')
def test_star(self): assert scary(b'*')
def test_hyphen(self): assert not scary(b"/home/user/ve-place")
def test_comma(self): assert not scary(b"/home/user/python,ruby/virtualenvs")
def test_background(self): assert scary(b"sleep 10 &")
def test_normal(self): assert not scary(b"/home/user/whatever") assert not scary(b"/opt/weird/user/whatever") assert not scary(b"/foo")
def test_here(self): assert scary(b"<<<") assert scary(b">>>")
def test_or(self): assert scary(b"foo ||")
def test_leading_hyphen(self): """prevent passing switches (e.g. for find) instead of dir """ assert scary(b"-delete") assert scary(b"--delete")
def test_root(self): """Using bare root seems inherently wrong """ assert scary(b"/") assert scary(b"C:") assert scary(b"C:\\")
def test_trailing_backslash(self): """prevent making outside char literal or continuing line """ assert len("\\") == 1 assert scary(b"prefix\\")
def test_leading_single_quote(self): """prevent a less obvious way of messing with completion scripts """ assert scary(b"' 'seems bad") assert scary(b"'")
def test_variable_expansion_with_slash_and_suffix(self): """suffix doesn't fool us either """ assert scary(b'/${HOME}/bar')
def test_variable_expansion_with_slash(self): """leading slash doesn't fool us """ assert scary(b'/${HOME}')
def test_variable_expansion_with_braces(self): """also with braces style """ assert scary(b'${HOME}')
def test_semicolon(self): assert scary(b";")
def test_newline(self): """shell can easily mess up newlines """ assert scary(b"/foo\nbar") assert scary(b"/foo\n/bar")
def test_and(self): assert scary(b"foo &&")
def test_comment(self): """Don't want to ignore to end of shell line """ assert scary(b'#foo') assert scary(b'stuff # foo')
def test_pipeline(self): assert scary(b"| bar")
def test_arithmetic_expansion(self): assert scary(b'$(( 2 + 2 ))')
def test_underscore(self): assert not scary(b"/home/user/ve_place")
def test_integer_expansion(self): assert scary(b'$[ 2 + 2 ]')
def test_space(self): assert not scary(b"/home/user/ve place")
def test_lt(self): assert scary(b'<foo')
def test_period(self): assert not scary(b"/home/user/.virtualenvs")
def test_gt(self): assert scary(b'>foo')