Mercurial > hg
view tests/fakemergerecord.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | a01ecbcfaf84 |
children | b303b3817d0e |
line wrap: on
line source
# Extension to write out fake unsupported records into the merge state # # from __future__ import absolute_import from mercurial import ( cmdutil, merge, ) cmdtable = {} command = cmdutil.command(cmdtable) @command('fakemergerecord', [('X', 'mandatory', None, 'add a fake mandatory record'), ('x', 'advisory', None, 'add a fake advisory record')], '') def fakemergerecord(ui, repo, *pats, **opts): ms = merge.mergestate.read(repo) records = ms._makerecords() if opts.get('mandatory'): records.append(('X', 'mandatory record')) if opts.get('advisory'): records.append(('x', 'advisory record')) ms._writerecords(records)