Mercurial > hg
view tests/heredoctest.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 4179d054b3e9 |
children | 6a98f9408a50 |
line wrap: on
line source
from __future__ import absolute_import import sys globalvars = {} lines = sys.stdin.readlines() while lines: l = lines.pop(0) if l.startswith('SALT'): print(l[:-1]) elif l.startswith('>>> '): snippet = l[4:] while lines and lines[0].startswith('... '): l = lines.pop(0) snippet += l[4:] c = compile(snippet, '<heredoc>', 'single') try: exec(c, globalvars) except Exception as inst: print(repr(inst))