Tests: add unsafe paste test

po/POTFILES

@@ -1,5 +1,6 @@
 src/Application.vala
 src/MainWindow.vala
+src/Utils.vala
 src/Dialogs/ColorPreferencesDialog.vala
 src/Dialogs/ForegroundProcessDialog.vala
 src/Dialogs/UnsafePasteDialog.vala

src/Utils.vala

@@ -120,6 +120,30 @@ namespace Terminal.Utils {
         return uri;
     }
 
+    /**
+     * Checks a string for possible unsafe contents before pasting
+     *
+     * @param clipboard contents containing terminal commands
+     *
+     * @param return localized explanation of risk
+     *
+     * @return true if safe, false if unsafe.
+     */
+    public bool is_safe_paste (string text, out string msg) {
+        if ("\n" in text || "&" in text || "|" in text || ";" in text ) {
+            msg = _("The pasted text may contain multiple commands");
+            return false;
+        }
+
+        if ("sudo " in text || "doas " in text || "run0 " in text || "pkexec " in text || "su " in text) {
+            msg = _("The pasted text may be trying to gain administrative access");
+            return false;
+        }
+
+        msg = null;
+        return true;
+    }
+
     public string? escape_uri (string uri, bool allow_utf8 = true, bool allow_single_quote = true) {
         // We only want to allow '#' in appropriate position for fragment identifier, i.e. after the last directory separator.
         var placeholder = "::::::";

src/Widgets/TerminalWidget.vala

@@ -571,15 +571,10 @@ namespace Terminal {
             }
 
 
-            string? warn_text = null;
-            if ("\n" in text || "&" in text || "|" in text || ";" in text ) {
-                warn_text = _("The pasted text may contain multiple commands");
-            } else if ("sudo " in text || "doas " in text || "run0 " in text || "pkexec " in text || "su " in text) {
-                warn_text = _("The pasted text may be trying to gain administrative access");
-            }
+            string? warn_text;
 
             // No user interaction for safe commands
-            if (warn_text == null) {
+            if (Utils.is_safe_paste (text, out warn_text)) {
                 feed_child (text.data);
                 return;
             }

src/meson.build

@@ -71,3 +71,5 @@ test(
     protocol: 'tap',
     depends: test_schemas
 )
+
+subdir('tests')

src/tests/UnsafePasteTest.vala

@@ -0,0 +1,34 @@
+/*
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ * SPDX-FileCopyrightText: 2024 elementary, Inc. (https://elementary.io)
+ */
+
+private void main (string[] args) {
+    Test.init (ref args);
+
+    Test.add_func ("/valid", () => {
+        string msg;
+
+        // false positive for su
+        assert (Terminal.Utils.is_safe_paste ("suspend", out msg));
+    });
+
+    Test.add_func ("/invalid", () => {
+        string msg;
+
+        // Elevated permissions
+        assert (!Terminal.Utils.is_safe_paste ("doas pacman -Syu", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("pkexec visudo", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("run0 --nice=19 my-task-with-low-priority", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("su username", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("sudo apt autoremove", out msg));
+
+        // Multi-line commands
+        assert (!Terminal.Utils.is_safe_paste ("\n", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("&", out msg));
+        assert (!Terminal.Utils.is_safe_paste ("|", out msg));
+        assert (!Terminal.Utils.is_safe_paste (";", out msg));
+    });
+
+    Test.run ();
+}

src/tests/meson.build

@@ -0,0 +1,12 @@
+unsafe_paste_test = executable(
+    'UnsafePasteTest',
+    'UnsafePasteTest.vala',
+    meson.project_source_root() / 'src' / 'Utils.vala',
+    dependencies: [
+        glib_dep,
+        gtk_dep
+    ],
+    install: false
+)
+
+test('UnsafePaste Test', unsafe_paste_test)