Mercurial > hg
view tests/fakepatchtime.py @ 33657:60ee7af2a2ba stable
subrepo: add tests for svn rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Mon, 31 Jul 2017 16:44:17 -0700 |
| parents | f624b0e69105 |
| children | 7be2f229285b |
line wrap: on
line source
# extension to emulate invoking 'patch.internalpatch()' at the time # specified by '[fakepatchtime] fakenow' from __future__ import absolute_import from mercurial import ( extensions, patch as patchmod, util, ) def internalpatch(orig, ui, repo, patchobj, strip, prefix='', files=None, eolmode='strict', similarity=0): if files is None: files = set() r = orig(ui, repo, patchobj, strip, prefix=prefix, files=files, eolmode=eolmode, similarity=similarity) fakenow = ui.config('fakepatchtime', 'fakenow') if fakenow: # parsing 'fakenow' in YYYYmmddHHMM format makes comparison between # 'fakenow' value and 'touch -t YYYYmmddHHMM' argument easy fakenow = util.parsedate(fakenow, ['%Y%m%d%H%M'])[0] for f in files: repo.wvfs.utime(f, (fakenow, fakenow)) return r def extsetup(ui): extensions.wrapfunction(patchmod, 'internalpatch', internalpatch)