view tests/heredoctest.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 4179d054b3e9
children 6a98f9408a50
line wrap: on
line source

from __future__ import absolute_import

import sys

globalvars = {}
lines = sys.stdin.readlines()
while lines:
    l = lines.pop(0)
    if l.startswith('SALT'):
        print(l[:-1])
    elif l.startswith('>>> '):
        snippet = l[4:]
        while lines and lines[0].startswith('... '):
            l = lines.pop(0)
            snippet += l[4:]
        c = compile(snippet, '<heredoc>', 'single')
        try:
            exec(c, globalvars)
        except Exception as inst:
            print(repr(inst))