view tests/sitecustomize.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 031947baf4d0
children b12bda49c3e3
line wrap: on
line source

import os

if os.environ.get('COVERAGE_PROCESS_START'):
    try:
        import coverage
        import random

        # uuid is better, but not available in Python 2.4.
        covpath = os.path.join(os.environ['COVERAGE_DIR'],
                               'cov.%s' % random.randrange(0, 1000000000000))
        cov = coverage.coverage(data_file=covpath, auto_data=True)
        cov._warn_no_data = False
        cov._warn_unimported_source = False
        cov.start()
    except ImportError:
        pass