Mercurial > hg

view tests/test-bad-pull.t @ 28663:ae279d4a19e9 stable 3.7.3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 8c14f87bd0ae
children 280528245ecf
line wrap: on
line source

#require serve killdaemons

#if windows
  $ hg clone http://localhost:$HGPORT/ copy
  abort: * (glob)
  [255]
#else
  $ hg clone http://localhost:$HGPORT/ copy
  abort: error: Connection refused
  [255]
#endif

  $ test -d copy
  [1]

  $ python "$TESTDIR/dumbhttp.py" -p $HGPORT --pid dumb.pid
  $ cat dumb.pid >> $DAEMON_PIDS
  $ hg clone http://localhost:$HGPORT/foo copy2
  abort: HTTP Error 404: * (glob)
  [255]
  $ killdaemons.py