add regression test

Author: squell

test-framework/e2e-tests/src/regression.rs

@@ -1,4 +1,4 @@
-use sudo_test::{Command, Env, TextFile};
+use sudo_test::{Command, Env, TextFile, User};
 
 #[test]
 fn syslog_writer_should_not_hang() {
@@ -30,3 +30,42 @@ fn no_permissions_should_not_violate_io_safety() {
         "sudo-rs: cannot execute '/usr/bin/foo': Permission denied (os error 13)"
     );
 }
+
+#[test]
+fn user_without_permissions_cannot_distinguish_file_existence() {
+    // run test for users both without any permissions and limited permissions that
+    // exclude access to the directory of interest
+    for sudoers in ["", "ALL ALL=/bin/true"] {
+        let env = Env(sudoers)
+            // ordinary users have no access to the directory
+            .directory(sudo_test::Directory("/secret").chmod("777"))
+            // this should be irrespective of file permissions
+            .file("/secret/txt", TextFile("").chmod("000"))
+            .file("/secret/foo", TextFile("#! /bin/sh").chmod("777"))
+            .user(User("user").password("password"))
+            .build();
+
+        for bait in ["/secret/txt", "/secret/foo"] {
+            let output = Command::new("sudo")
+                .args(["-S", "-l", bait])
+                .as_user("user")
+                .stdin("password")
+                .output(&env);
+            assert!(!output.status().success());
+            let response_1 = output.stderr().replace(bait, "<file>");
+
+            let output = Command::new("sudo")
+                .args(["-S", "-l", "/secret/missing"])
+                .as_user("user")
+                .stdin("password")
+                .output(&env);
+            assert!(!output.status().success());
+            let response_2 = output.stderr().replace("/secret/missing", "<file>");
+
+            dbg!(sudoers);
+            dbg!(bait);
+            dbg!(&response_1);
+            assert_eq!(response_1, response_2);
+        }
+    }
+}