Mercurial > hg
view tests/test-check-shbang.t @ 41457:6c10eba6b9cd stable
subrepo: prohibit variable expansion on creation of hg subrepo (SEC)
It's probably wrong to expand path at localrepo.*repository() layer, but
fixing the layering issue would require careful inspection of call paths.
So, this patch adds add a validation to the subrepo constructor.
os.path.realpath(util.expandpath(root)) is what vfsmod.vfs() would do.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Tue, 08 Jan 2019 22:07:45 +0900 |
| parents | ddd65b4f3ae6 |
| children | 2d8d4e08c493 |
line wrap: on
line source
#require test-repo $ . "$TESTDIR/helpers-testrepo.sh" $ cd "`dirname "$TESTDIR"`" look for python scripts that do not use /usr/bin/env $ testrepohg files 'set:grep(r"^#!.*?python") and not grep(r"^#!/usr/bi{1}n/env python") - **/*.t' [1] In tests, enforce $PYTHON and *not* /usr/bin/env python or similar: $ testrepohg files 'set:grep(r"#!.*?python") and **/*.t' \ > -X tests/test-check-execute.t \ > -X tests/test-check-module-imports.t \ > -X tests/test-check-pyflakes.t \ > -X tests/test-check-shbang.t [1] The above exclusions are because they're looking for files that contain Python but don't end in .py - please avoid adding more. look for shell scripts that do not use /bin/sh $ testrepohg files 'set:grep(r"^#!.*/bi{1}n/sh") and not grep(r"^#!/bi{1}n/sh")' [1]