view tests/fakepatchtime.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents f624b0e69105
children 7be2f229285b
line wrap: on
line source

# extension to emulate invoking 'patch.internalpatch()' at the time
# specified by '[fakepatchtime] fakenow'

from __future__ import absolute_import

from mercurial import (
    extensions,
    patch as patchmod,
    util,
)

def internalpatch(orig, ui, repo, patchobj, strip,
                  prefix='', files=None,
                  eolmode='strict', similarity=0):
    if files is None:
        files = set()
    r = orig(ui, repo, patchobj, strip,
             prefix=prefix, files=files,
             eolmode=eolmode, similarity=similarity)

    fakenow = ui.config('fakepatchtime', 'fakenow')
    if fakenow:
        # parsing 'fakenow' in YYYYmmddHHMM format makes comparison between
        # 'fakenow' value and 'touch -t YYYYmmddHHMM' argument easy
        fakenow = util.parsedate(fakenow, ['%Y%m%d%H%M'])[0]
        for f in files:
            repo.wvfs.utime(f, (fakenow, fakenow))

    return r

def extsetup(ui):
    extensions.wrapfunction(patchmod, 'internalpatch', internalpatch)