Mercurial > hg-stable
diff tests/test-subrepo-git.t @ 29257:a9764ab80e11 stable 3.8.3
tests-subrepo-git: emit a different "pwned" message based on the test
Having a single "pwned" message which may or may not be emitted during the
tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit
a more detailed message based on what the expectations are.
In both cases, we expect a version of git which has had the vulnerability
plugged, as well as a version of mercurial which also knows about
GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is
unset, meaning that the ext-protocol subrepo should be ignored; if it
isn't, there's either a problem with mercurial or the installed copy of
git.
For the second test, we explicitly allow ext-protocol subrepos, which means
that the subrepo will be accessed and a message emitted confirming that
this was, in fact, our intention.
author | Danek Duvall <danek.duvall@oracle.com> |
---|---|
date | Fri, 27 May 2016 15:20:03 -0700 |
parents | 1f8b861ba15c |
children | 9b4f0ad02f51 |
line wrap: on
line diff
--- a/tests/test-subrepo-git.t Fri May 27 15:10:38 2016 -0700 +++ b/tests/test-subrepo-git.t Fri May 27 15:20:03 2016 -0700 @@ -1135,7 +1135,7 @@ test for Git CVE-2016-3068 $ hg init malicious-subrepository $ cd malicious-subrepository - $ echo "s = [git]ext::sh -c echo% pwned% >pwned.txt" > .hgsub + $ echo "s = [git]ext::sh -c echo% \$PWNED_MSG% >pwned.txt" > .hgsub $ git init s Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/ $ cd s @@ -1146,26 +1146,29 @@ $ hg commit -m "add subrepo" $ cd .. $ rm -f pwned.txt - $ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected + $ env -u GIT_ALLOW_PROTOCOL \ + > PWNED_MSG="your git is too old or mercurial has regressed" hg clone \ + > malicious-subrepository malicious-subrepository-protected Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob) fatal: transport 'ext' not allowed updating to branch default - cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt + cloning subrepo s from ext::sh -c echo% $PWNED_MSG% >pwned.txt abort: git clone error 128 in s (in subrepo s) [255] $ test -f pwned.txt && cat pwned.txt || true whitelisting of ext should be respected (that's the git submodule behaviour) $ rm -f pwned.txt - $ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed + $ env GIT_ALLOW_PROTOCOL=ext PWNED_MSG="you asked for it" hg clone \ + > malicious-subrepository malicious-subrepository-clone-allowed Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob) fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. updating to branch default - cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt + cloning subrepo s from ext::sh -c echo% $PWNED_MSG% >pwned.txt abort: git clone error 128 in s (in subrepo s) [255] $ cat pwned.txt - pwned + you asked for it