11fbaaae9a
The restic security model includes full trust of the local machine, so this should not fix any actual security problems, but it's better to be safe than sorry. Fixes #2192.
38 lines
673 B
Go
38 lines
673 B
Go
// +build !windows
|
|
|
|
package backend_test
|
|
|
|
import (
|
|
"bufio"
|
|
"os"
|
|
"os/exec"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/restic/restic/internal/backend"
|
|
rtest "github.com/restic/restic/internal/test"
|
|
)
|
|
|
|
func TestForeground(t *testing.T) {
|
|
err := os.Setenv("RESTIC_PASSWORD", "supersecret")
|
|
rtest.OK(t, err)
|
|
|
|
cmd := exec.Command("env")
|
|
stdout, err := cmd.StdoutPipe()
|
|
rtest.OK(t, err)
|
|
|
|
bg, err := backend.StartForeground(cmd)
|
|
rtest.OK(t, err)
|
|
defer cmd.Wait()
|
|
|
|
err = bg()
|
|
rtest.OK(t, err)
|
|
|
|
sc := bufio.NewScanner(stdout)
|
|
for sc.Scan() {
|
|
if strings.HasPrefix(sc.Text(), "RESTIC_PASSWORD=") {
|
|
t.Error("subprocess got to see the password")
|
|
}
|
|
}
|
|
rtest.OK(t, err)
|
|
}
|