Diffstat (limited to 'testing/02-commands-as.yarn')
-rw-r--r-- | testing/02-commands-as.yarn | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/testing/02-commands-as.yarn b/testing/02-commands-as.yarn index a10d7a4..9ee3aed 100644 --- a/testing/02-commands-as.yarn +++ b/testing/02-commands-as.yarn @@ -74,3 +74,18 @@ manages to typo a username, they get a useful error message. AND stdout is empty FINALLY the instance is torn down + +As well as not leaking information, use of `as` must not thwart auditability, +so a user with elevated permissions must be able to frame another user. + + SCENARIO Ensuring 'as' does not thwart auditability + + GIVEN a standard instance + AND testinstance has keys called other + AND testinstance has keys called sneakybackdoor + WHEN testinstance, using adminkey, adds user other, using testinstance other + AND testinstance uses their ssh public key called sneakybackdoor as stdin + AND testinstance adminkey runs as other sshkey add sneakybackdoor + AND server-side gitano-admin reads git object HEAD^{commit} + THEN stdout contains Added sneakybackdoor for other + AND stdout contains committer Administrator |
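Review bot: The added introductory sentence, "so a user with elevated permissions must be able to frame another user", states the opposite of what the scenario checks. The scenario is titled "Ensuring 'as' does not thwart auditability" and passes only when the commit read from HEAD^{commit} carries "committer Administrator", so the text should read "must not be able to frame another user". Separately, the new scenario ends at its THEN/AND assertions with no "FINALLY the instance is torn down" step, while the preceding scenario in the context lines has one; add the teardown so the instance and the "other" and "sneakybackdoor" keys do not persist into later scenarios. It may also be worth asserting that the commit does not name "other" as committer, since "stdout contains committer Administrator" alone only checks for the presence of that string.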