Mercurial > hg

view tests/hgweberror.py @ 28663:ae279d4a19e9 stable 3.7.3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 74e6de99ce7f
children 3d60a22e27f5
line wrap: on
line source

# A dummy extension that installs an hgweb command that throws an Exception.

from __future__ import absolute_import

from mercurial.hgweb import (
    webcommands,
)

def raiseerror(web, req, tmpl):
    '''Dummy web command that raises an uncaught Exception.'''

    # Simulate an error after partial response.
    if 'partialresponse' in req.form:
        req.respond(200, 'text/plain')
        req.write('partial content\n')

    raise AttributeError('I am an uncaught error!')

def extsetup(ui):
    setattr(webcommands, 'raiseerror', raiseerror)
    webcommands.__all__.append('raiseerror')