Mercurial > hg
comparison tests/test-audit-path.t @ 34832:d6009d1488e8
tests: add test demonstrating regression in path audit
D785 regressed behavior in path auditing: files can be deleted if they have a
path that conflicts with a filename from a malicious remote or bundle.
This test demonstrates the problem - the file should not have been deleted.
Differential Revision: https://phab.mercurial-scm.org/D1156
| author | Mark Thomas <mbthomas@fb.com> |
|---|---|
| date | Tue, 17 Oct 2017 08:07:43 -0700 |
| parents | f07cf12e740f |
| children | 07bbb208a924 |
comparison
equal
deleted
inserted
replaced
| 34831:44c4ed4ad032 | 34832:d6009d1488e8 |
|---|---|
| 117 | 117 |
| 118 attack ../test | 118 attack ../test |
| 119 | 119 |
| 120 $ hg manifest -r3 | 120 $ hg manifest -r3 |
| 121 ../test | 121 ../test |
| 122 $ mkdir ../test | |
| 123 $ echo data > ../test/file | |
| 122 $ hg update -Cr3 | 124 $ hg update -Cr3 |
| 123 abort: path contains illegal component: ../test (glob) | 125 abort: path contains illegal component: ../test (glob) |
| 124 [255] | 126 [255] |
| 127 $ cat ../test/file | |
| 128 cat: ../test/file: No such file or directory | |
| 129 [1] | |
| 125 | 130 |
| 126 attack /tmp/test | 131 attack /tmp/test |
| 127 | 132 |
| 128 $ hg manifest -r4 | 133 $ hg manifest -r4 |
| 129 /tmp/test | 134 /tmp/test |