Mercurial > hg-stable
view tests/test-check-config.t @ 33654:475af2f89636 stable
subrepo: add tests for hg rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
author | Sean Farley <sean@farley.io> |
---|---|
date | Mon, 31 Jul 2017 16:04:44 -0700 |
parents | e470f12d7d05 |
children | 4441705b7111 |
line wrap: on
line source
#require test-repo $ . "$TESTDIR/helpers-testrepo.sh" Sanity check check-config.py $ cat > testfile.py << EOF > # Good > foo = ui.config('ui', 'username') > # Missing > foo = ui.config('ui', 'doesnotexist') > # Missing different type > foo = ui.configint('ui', 'missingint') > # Missing with default value > foo = ui.configbool('ui', 'missingbool1', default=True) > foo = ui.configbool('ui', 'missingbool2', False) > # Inconsistent values for defaults. > foo = ui.configint('ui', 'intdefault', default=1) > foo = ui.configint('ui', 'intdefault', default=42) > # Can suppress inconsistent value error > foo = ui.configint('ui', 'intdefault2', default=1) > # inconsistent config: ui.intdefault2 > foo = ui.configint('ui', 'intdefault2', default=42) > EOF $ cat > files << EOF > mercurial/help/config.txt > $TESTTMP/testfile.py > EOF $ cd "$TESTDIR"/.. $ $PYTHON contrib/check-config.py < $TESTTMP/files foo = ui.configint('ui', 'intdefault', default=42) conflict on ui.intdefault: ('int', '42') != ('int', '1') at $TESTTMP/testfile.py:12: (glob) undocumented: ui.doesnotexist (str) undocumented: ui.intdefault (int) [42] undocumented: ui.intdefault2 (int) [42] undocumented: ui.missingbool1 (bool) [True] undocumented: ui.missingbool2 (bool) undocumented: ui.missingint (int) New errors are not allowed. Warnings are strongly discouraged. $ testrepohg files "set:(**.py or **.txt) - tests/**" | sed 's|\\|/|g' | > $PYTHON contrib/check-config.py