Mercurial > hg
view tests/test-bad-pull.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 8c14f87bd0ae |
children | 280528245ecf |
line wrap: on
line source
#require serve killdaemons #if windows $ hg clone http://localhost:$HGPORT/ copy abort: * (glob) [255] #else $ hg clone http://localhost:$HGPORT/ copy abort: error: Connection refused [255] #endif $ test -d copy [1] $ python "$TESTDIR/dumbhttp.py" -p $HGPORT --pid dumb.pid $ cat dumb.pid >> $DAEMON_PIDS $ hg clone http://localhost:$HGPORT/foo copy2 abort: HTTP Error 404: * (glob) [255] $ killdaemons.py