Mercurial > hg
view tests/hgweberror.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 74e6de99ce7f |
children | 3d60a22e27f5 |
line wrap: on
line source
# A dummy extension that installs an hgweb command that throws an Exception. from __future__ import absolute_import from mercurial.hgweb import ( webcommands, ) def raiseerror(web, req, tmpl): '''Dummy web command that raises an uncaught Exception.''' # Simulate an error after partial response. if 'partialresponse' in req.form: req.respond(200, 'text/plain') req.write('partial content\n') raise AttributeError('I am an uncaught error!') def extsetup(ui): setattr(webcommands, 'raiseerror', raiseerror) webcommands.__all__.append('raiseerror')