Mercurial > hg
view tests/lockdelay.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | d493d64757eb |
children | a76d5ba7ac43 |
line wrap: on
line source
# Dummy extension that adds a delay after acquiring a lock. # # This extension can be used to test race conditions between lock acquisition. from __future__ import absolute_import import os import time from mercurial import ( lock as lockmod, ) class delaylock(lockmod.lock): def lock(self): delay = float(os.environ.get('HGPRELOCKDELAY', '0.0')) if delay: time.sleep(delay) res = super(delaylock, self).lock() delay = float(os.environ.get('HGPOSTLOCKDELAY', '0.0')) if delay: time.sleep(delay) return res def extsetup(ui): lockmod.lock = delaylock