Mercurial > hg
view tests/test-status-inprocess.py @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
author | Blake Burkhart <bburky@bburky.com> |
---|---|
date | Wed, 06 Apr 2016 22:57:46 -0500 |
parents | 2c7e6f363138 |
children | d83ca854fa21 |
line wrap: on
line source
#!/usr/bin/env python from __future__ import absolute_import, print_function from mercurial import ( commands, localrepo, ui as uimod, ) u = uimod.ui() print('% creating repo') repo = localrepo.localrepository(u, '.', create=True) f = open('test.py', 'w') try: f.write('foo\n') finally: f.close print('% add and commit') commands.add(u, repo, 'test.py') commands.commit(u, repo, message='*') commands.status(u, repo, clean=True) print('% change') f = open('test.py', 'w') try: f.write('bar\n') finally: f.close() # this would return clean instead of changed before the fix commands.status(u, repo, clean=True, modified=True)