Mercurial > hg
view tests/test-bdiff.py.out @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | eeac5e179243 |
children | 9a8363d23419 |
line wrap: on
line source
*** 'a\nc\n\n\n\n' 'a\nb\n\n\n' *** 'a\nb\nc\n' 'a\nc\n' *** '' '' *** 'a\nb\nc' 'a\nb\nc' *** 'a\nb\nc\nd\n' 'a\nd\n' *** 'a\nb\nc\nd\n' 'a\nc\ne\n' *** 'a\nb\nc\n' 'a\nc\n' *** 'a\n' 'c\na\nb\n' *** 'a\n' '' *** 'a\n' 'b\nc\n' *** 'a\n' 'c\na\n' *** '' 'adjfkjdjksdhfksj' *** '' 'ab' *** '' 'abc' *** 'a' 'a' *** 'ab' 'ab' *** 'abc' 'abc' *** 'a\n' 'a\n' *** 'a\nb' 'a\nb' 6 6 'y\n\n' 6 6 'y\n\n' 9 9 'y\n\n' done done