Mercurial > hg
comparison tests/test-audit-path.t @ 34832:d6009d1488e8
tests: add test demonstrating regression in path audit
D785 regressed behavior in path auditing: files can be deleted if they have a
path that conflicts with a filename from a malicious remote or bundle.
This test demonstrates the problem - the file should not have been deleted.
Differential Revision: https://phab.mercurial-scm.org/D1156
author | Mark Thomas <mbthomas@fb.com> |
---|---|
date | Tue, 17 Oct 2017 08:07:43 -0700 |
parents | f07cf12e740f |
children | 07bbb208a924 |
comparison
equal
deleted
inserted
replaced
34831:44c4ed4ad032 | 34832:d6009d1488e8 |
---|---|
117 | 117 |
118 attack ../test | 118 attack ../test |
119 | 119 |
120 $ hg manifest -r3 | 120 $ hg manifest -r3 |
121 ../test | 121 ../test |
122 $ mkdir ../test | |
123 $ echo data > ../test/file | |
122 $ hg update -Cr3 | 124 $ hg update -Cr3 |
123 abort: path contains illegal component: ../test (glob) | 125 abort: path contains illegal component: ../test (glob) |
124 [255] | 126 [255] |
127 $ cat ../test/file | |
128 cat: ../test/file: No such file or directory | |
129 [1] | |
125 | 130 |
126 attack /tmp/test | 131 attack /tmp/test |
127 | 132 |
128 $ hg manifest -r4 | 133 $ hg manifest -r4 |
129 /tmp/test | 134 /tmp/test |