1133 ? s/snake.python.orig |
1133 ? s/snake.python.orig |
1134 |
1134 |
1135 test for Git CVE-2016-3068 |
1135 test for Git CVE-2016-3068 |
1136 $ hg init malicious-subrepository |
1136 $ hg init malicious-subrepository |
1137 $ cd malicious-subrepository |
1137 $ cd malicious-subrepository |
1138 $ echo "s = [git]ext::sh -c echo% pwned% >pwned.txt" > .hgsub |
1138 $ echo "s = [git]ext::sh -c echo% \$PWNED_MSG% >pwned.txt" > .hgsub |
1139 $ git init s |
1139 $ git init s |
1140 Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/ |
1140 Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/ |
1141 $ cd s |
1141 $ cd s |
1142 $ git commit --allow-empty -m 'empty' |
1142 $ git commit --allow-empty -m 'empty' |
1143 [master (root-commit) 153f934] empty |
1143 [master (root-commit) 153f934] empty |
1144 $ cd .. |
1144 $ cd .. |
1145 $ hg add .hgsub |
1145 $ hg add .hgsub |
1146 $ hg commit -m "add subrepo" |
1146 $ hg commit -m "add subrepo" |
1147 $ cd .. |
1147 $ cd .. |
1148 $ rm -f pwned.txt |
1148 $ rm -f pwned.txt |
1149 $ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected |
1149 $ env -u GIT_ALLOW_PROTOCOL \ |
|
1150 > PWNED_MSG="your git is too old or mercurial has regressed" hg clone \ |
|
1151 > malicious-subrepository malicious-subrepository-protected |
1150 Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob) |
1152 Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob) |
1151 fatal: transport 'ext' not allowed |
1153 fatal: transport 'ext' not allowed |
1152 updating to branch default |
1154 updating to branch default |
1153 cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt |
1155 cloning subrepo s from ext::sh -c echo% $PWNED_MSG% >pwned.txt |
1154 abort: git clone error 128 in s (in subrepo s) |
1156 abort: git clone error 128 in s (in subrepo s) |
1155 [255] |
1157 [255] |
1156 $ test -f pwned.txt && cat pwned.txt || true |
1158 $ test -f pwned.txt && cat pwned.txt || true |
1157 |
1159 |
1158 whitelisting of ext should be respected (that's the git submodule behaviour) |
1160 whitelisting of ext should be respected (that's the git submodule behaviour) |
1159 $ rm -f pwned.txt |
1161 $ rm -f pwned.txt |
1160 $ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed |
1162 $ env GIT_ALLOW_PROTOCOL=ext PWNED_MSG="you asked for it" hg clone \ |
|
1163 > malicious-subrepository malicious-subrepository-clone-allowed |
1161 Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob) |
1164 Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob) |
1162 fatal: Could not read from remote repository. |
1165 fatal: Could not read from remote repository. |
1163 |
1166 |
1164 Please make sure you have the correct access rights |
1167 Please make sure you have the correct access rights |
1165 and the repository exists. |
1168 and the repository exists. |
1166 updating to branch default |
1169 updating to branch default |
1167 cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt |
1170 cloning subrepo s from ext::sh -c echo% $PWNED_MSG% >pwned.txt |
1168 abort: git clone error 128 in s (in subrepo s) |
1171 abort: git clone error 128 in s (in subrepo s) |
1169 [255] |
1172 [255] |
1170 $ cat pwned.txt |
1173 $ cat pwned.txt |
1171 pwned |
1174 you asked for it |