Mercurial > hg
view tests/test-debugextensions.t @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
| author | Blake Burkhart <bburky@bburky.com> |
|---|---|
| date | Wed, 06 Apr 2016 22:57:46 -0500 |
| parents | a6573503342d |
| children | 3ef9aa7ad1fc |
line wrap: on
line source
$ hg debugextensions $ debugpath=`pwd`/extwithoutinfos.py $ cat > extwithoutinfos.py <<EOF > EOF $ cat >> $HGRCPATH <<EOF > [extensions] > color= > histedit= > patchbomb= > rebase= > mq= > ext1 = $debugpath > EOF $ hg debugextensions color ext1 (untested!) histedit mq patchbomb rebase $ hg debugextensions -v color location: */hgext/color.py* (glob) tested with: internal ext1 location: */extwithoutinfos.py* (glob) histedit location: */hgext/histedit.py* (glob) tested with: internal mq location: */hgext/mq.py* (glob) tested with: internal patchbomb location: */hgext/patchbomb.py* (glob) tested with: internal rebase location: */hgext/rebase.py* (glob) tested with: internal $ hg debugextensions -Tjson | sed 's|\\\\|/|g' [ { "buglink": "", "name": "color", "source": "*/hgext/color.py*", (glob) "testedwith": "internal" }, { "buglink": "", "name": "ext1", "source": "*/extwithoutinfos.py*", (glob) "testedwith": "" }, { "buglink": "", "name": "histedit", "source": "*/hgext/histedit.py*", (glob) "testedwith": "internal" }, { "buglink": "", "name": "mq", "source": "*/hgext/mq.py*", (glob) "testedwith": "internal" }, { "buglink": "", "name": "patchbomb", "source": "*/hgext/patchbomb.py*", (glob) "testedwith": "internal" }, { "buglink": "", "name": "rebase", "source": "*/hgext/rebase.py*", (glob) "testedwith": "internal" } ]