test/sharness: add more tests against exposing PrivKey on network

and replacing config. License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
2026-02-26 04:47:45 +08:00 · 2016-07-08 16:42:49 +02:00 · 2016-07-08 16:42:49 +02:00 · ea9327dd3c
commit ea9327dd3c
parent 011a546b9c
1 changed files with 13 additions and 1 deletions
--- a/test/sharness/t0021-config.sh
+++ b/test/sharness/t0021-config.sh
@ -77,10 +77,12 @@ test_config_cmd() {
  '

  test_expect_success "output looks good" '
-       echo "Error: cannot show private key through API" > ident_exp &&
+       echo "Error: cannot show or change private key through API" > ident_exp &&
       test_cmp ident_exp ident_out
  '

+  # SECURITY
+  # Those tests are here to prevent exposing the PrivKey on the network
  test_expect_success "'ipfs config Identity.PrivKey' fails" '
       test_expect_code 1 ipfs config Identity.PrivKey 2> ident_out
  '
@ -88,6 +90,16 @@ test_config_cmd() {
  test_expect_success "output looks good" '
       test_cmp ident_exp ident_out
  '
+
+  test_expect_success "'ipfs config show' doesn't include privkey" '
+       ipfs config show > show_config &&
+       grep PrivKey show_config | grep "\"PrivKey\": null"
+  '
+
+  test_expect_success "'ipfs config replace' injects privkey back" '
+       ipfs config replace show_config &&
+	   grep PrivKey "$IPFS_PATH/config" | grep -v ": null" >/dev/null
+  '
 }

 test_init_ipfs