Restore to commit 74e578279624c6045ca440a3459ebfa1f8d54191
This commit is contained in:
southseact-3d
134
scripts/test-env-sanitization.sh
Executable file
134
scripts/test-env-sanitization.sh
Executable file
@@ -0,0 +1,134 @@
|
||||
#!/bin/bash
|
||||
# Test script to verify environment variable sanitization
|
||||
# This tests that invisible Unicode characters are properly removed
|
||||
|
||||
set -e
|
||||
|
||||
# Define Unicode character constants for testing
|
||||
readonly U200E_HEX=$'\xE2\x80\x8E' # U+200E Left-to-Right Mark
|
||||
readonly U200B_HEX=$'\xE2\x80\x8B' # U+200B Zero Width Space
|
||||
|
||||
echo "Testing environment variable sanitization..."
|
||||
echo ""
|
||||
|
||||
# Create a test file with problematic Unicode characters
|
||||
TEST_FILE=$(mktemp /tmp/test_env_with_unicode.XXXXXX.sh)
|
||||
|
||||
# Create test environment with U+200E (Left-to-Right Mark) after variable names
|
||||
cat > "$TEST_FILE" << 'EOF'
|
||||
# Test environment variables with invisible Unicode characters
|
||||
export ADMIN_USER="testuser"
|
||||
export ADMIN_PASSWORD="testpass123"
|
||||
export OPENROUTER_API_KEY="sk-test-key-12345"
|
||||
export NORMAL_VAR="normalvalue"
|
||||
EOF
|
||||
|
||||
# Add actual invisible U+200E character (E2 80 8E in UTF-8) to the file
|
||||
# This simulates what happens when users copy-paste from web browsers
|
||||
printf "export TEST_VAR_WITH_U200E%s=\"value_with_unicode\"\n" "$U200E_HEX" >> "$TEST_FILE"
|
||||
printf "export TEST_VAR_WITH_U200B%s=\"value_with_zwsp\"\n" "$U200B_HEX" >> "$TEST_FILE"
|
||||
|
||||
echo "Original test file (with invisible characters):"
|
||||
hexdump -C "$TEST_FILE" | grep -E "e2 80" || echo " (invisible characters present but not shown)"
|
||||
echo ""
|
||||
|
||||
# Test 1: Verify the original file has Unicode characters
|
||||
echo "Test 1: Checking for invisible Unicode characters in original file..."
|
||||
if grep -q "$U200E_HEX" "$TEST_FILE" 2>/dev/null; then
|
||||
echo " ✓ U+200E (Left-to-Right Mark) detected"
|
||||
else
|
||||
echo " ✗ U+200E not found (expected to find it)"
|
||||
fi
|
||||
|
||||
if grep -q "$U200B_HEX" "$TEST_FILE" 2>/dev/null; then
|
||||
echo " ✓ U+200B (Zero Width Space) detected"
|
||||
else
|
||||
echo " ✗ U+200B not found (expected to find it)"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Test 2: Apply the same sanitization logic from entrypoint.sh
|
||||
echo "Test 2: Applying sanitization..."
|
||||
SANITIZED_FILE=$(mktemp /tmp/test_env_sanitized.XXXXXX.sh)
|
||||
cp "$TEST_FILE" "$SANITIZED_FILE"
|
||||
|
||||
# Remove common invisible Unicode characters (same logic as entrypoint.sh)
|
||||
sed -i \
|
||||
-e 's/\xE2\x80\x8E//g' \
|
||||
-e 's/\xE2\x80\x8F//g' \
|
||||
-e 's/\xE2\x80\x8B//g' \
|
||||
-e 's/\xEF\xBB\xBF//g' \
|
||||
-e 's/\xE2\x80\xAA//g' \
|
||||
-e 's/\xE2\x80\xAB//g' \
|
||||
-e 's/\xE2\x80\xAC//g' \
|
||||
-e 's/\xE2\x80\xAD//g' \
|
||||
-e 's/\xE2\x80\xAE//g' \
|
||||
"$SANITIZED_FILE" 2>/dev/null
|
||||
|
||||
echo " Sanitization complete"
|
||||
echo ""
|
||||
|
||||
# Test 3: Verify Unicode characters are removed
|
||||
echo "Test 3: Verifying invisible characters are removed..."
|
||||
if grep -q "$U200E_HEX" "$SANITIZED_FILE" 2>/dev/null; then
|
||||
echo " ✗ FAILED: U+200E still present after sanitization"
|
||||
exit 1
|
||||
else
|
||||
echo " ✓ U+200E successfully removed"
|
||||
fi
|
||||
|
||||
if grep -q "$U200B_HEX" "$SANITIZED_FILE" 2>/dev/null; then
|
||||
echo " ✗ FAILED: U+200B still present after sanitization"
|
||||
exit 1
|
||||
else
|
||||
echo " ✓ U+200B successfully removed"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Test 4: Verify the sanitized file is valid bash and can be sourced
|
||||
echo "Test 4: Testing if sanitized file is valid bash..."
|
||||
if bash -n "$SANITIZED_FILE" 2>/dev/null; then
|
||||
echo " ✓ Sanitized file has valid bash syntax"
|
||||
else
|
||||
echo " ✗ FAILED: Sanitized file has syntax errors"
|
||||
cat "$SANITIZED_FILE"
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Test 5: Try sourcing the sanitized environment
|
||||
echo "Test 5: Testing if sanitized environment can be sourced..."
|
||||
(
|
||||
source "$SANITIZED_FILE"
|
||||
if [ "$ADMIN_USER" = "testuser" ] && [ "$ADMIN_PASSWORD" = "testpass123" ]; then
|
||||
echo " ✓ Environment variables loaded correctly"
|
||||
else
|
||||
echo " ✗ FAILED: Environment variables not loaded correctly"
|
||||
echo " ADMIN_USER=$ADMIN_USER (expected: testuser)"
|
||||
echo " ADMIN_PASSWORD=$ADMIN_PASSWORD (expected: testpass123)"
|
||||
exit 1
|
||||
fi
|
||||
)
|
||||
echo ""
|
||||
|
||||
# Test 6: Compare file sizes (sanitized should be smaller)
|
||||
ORIGINAL_SIZE=$(wc -c < "$TEST_FILE")
|
||||
SANITIZED_SIZE=$(wc -c < "$SANITIZED_FILE")
|
||||
REMOVED_BYTES=$((ORIGINAL_SIZE - SANITIZED_SIZE))
|
||||
|
||||
echo "Test 6: Verifying bytes were removed..."
|
||||
if [ $REMOVED_BYTES -gt 0 ]; then
|
||||
echo " ✓ Removed $REMOVED_BYTES bytes of invisible Unicode characters"
|
||||
else
|
||||
echo " ✗ WARNING: No bytes removed (original: $ORIGINAL_SIZE, sanitized: $SANITIZED_SIZE)"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Cleanup
|
||||
rm -f "$TEST_FILE" "$SANITIZED_FILE"
|
||||
|
||||
echo "=================================="
|
||||
echo "All sanitization tests PASSED! ✓"
|
||||
echo "=================================="
|
||||
echo ""
|
||||
echo "The entrypoint.sh sanitization logic will prevent the Portainer U+200E error."
|
||||
Reference in New Issue
Block a user