restic/internal/backend/foreground_test.go
greatroar 11fbaaae9a Sanitize environment before starting backend processes (rclone, ssh)
The restic security model includes full trust of the local machine, so
this should not fix any actual security problems, but it's better to be
safe than sorry.

Fixes #2192.
2020-11-02 16:41:23 +01:00

38 lines
673 B
Go

// +build !windows
package backend_test
import (
"bufio"
"os"
"os/exec"
"strings"
"testing"
"github.com/restic/restic/internal/backend"
rtest "github.com/restic/restic/internal/test"
)
func TestForeground(t *testing.T) {
err := os.Setenv("RESTIC_PASSWORD", "supersecret")
rtest.OK(t, err)
cmd := exec.Command("env")
stdout, err := cmd.StdoutPipe()
rtest.OK(t, err)
bg, err := backend.StartForeground(cmd)
rtest.OK(t, err)
defer cmd.Wait()
err = bg()
rtest.OK(t, err)
sc := bufio.NewScanner(stdout)
for sc.Scan() {
if strings.HasPrefix(sc.Text(), "RESTIC_PASSWORD=") {
t.Error("subprocess got to see the password")
}
}
rtest.OK(t, err)
}