Mercurial > hg
view tests/svn-safe-append.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | c1b47c0fd2b6 |
children | bdba6a2015d0 |
line wrap: on
line source
#!/usr/bin/env python __doc__ = """Same as `echo a >> b`, but ensures a changed mtime of b. Without this svn will not detect workspace changes.""" import sys, os text = sys.argv[1] fname = sys.argv[2] f = open(fname, "ab") try: before = os.fstat(f.fileno()).st_mtime f.write(text) f.write("\n") finally: f.close() inc = 1 now = os.stat(fname).st_mtime while now == before: t = now + inc inc += 1 os.utime(fname, (t, t)) now = os.stat(fname).st_mtime