view tests/fakemergerecord.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents a01ecbcfaf84
children b303b3817d0e
line wrap: on
line source

# Extension to write out fake unsupported records into the merge state
#
#

from __future__ import absolute_import

from mercurial import (
    cmdutil,
    merge,
)

cmdtable = {}
command = cmdutil.command(cmdtable)

@command('fakemergerecord',
         [('X', 'mandatory', None, 'add a fake mandatory record'),
          ('x', 'advisory', None, 'add a fake advisory record')], '')
def fakemergerecord(ui, repo, *pats, **opts):
    ms = merge.mergestate.read(repo)
    records = ms._makerecords()
    if opts.get('mandatory'):
        records.append(('X', 'mandatory record'))
    if opts.get('advisory'):
        records.append(('x', 'advisory record'))
    ms._writerecords(records)