Mercurial > hg
view tests/sitecustomize.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 031947baf4d0 |
children | b12bda49c3e3 |
line wrap: on
line source
import os if os.environ.get('COVERAGE_PROCESS_START'): try: import coverage import random # uuid is better, but not available in Python 2.4. covpath = os.path.join(os.environ['COVERAGE_DIR'], 'cov.%s' % random.randrange(0, 1000000000000)) cov = coverage.coverage(data_file=covpath, auto_data=True) cov._warn_no_data = False cov._warn_unimported_source = False cov.start() except ImportError: pass