view tests/svn-safe-append.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents c1b47c0fd2b6
children bdba6a2015d0
line wrap: on
line source

#!/usr/bin/env python

__doc__ = """Same as `echo a >> b`, but ensures a changed mtime of b.
Without this svn will not detect workspace changes."""

import sys, os

text = sys.argv[1]
fname = sys.argv[2]

f = open(fname, "ab")
try:
    before = os.fstat(f.fileno()).st_mtime
    f.write(text)
    f.write("\n")
finally:
    f.close()
inc = 1
now = os.stat(fname).st_mtime
while now == before:
    t = now + inc
    inc += 1
    os.utime(fname, (t, t))
    now = os.stat(fname).st_mtime