Mercurial > hg
view tests/test-cat.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | c560d8c68791 |
children | bd5e9647f646 |
line wrap: on
line source
$ hg init $ echo 0 > a $ echo 0 > b $ hg ci -A -m m adding a adding b $ hg rm a $ hg cat a 0 $ hg cat --decode a # more tests in test-encode 0 $ echo 1 > b $ hg ci -m m $ echo 2 > b $ hg cat -r 0 a 0 $ hg cat -r 0 b 0 $ hg cat -r 1 a a: no such file in rev 7040230c159c [1] $ hg cat -r 1 b 1 Test multiple files $ echo 3 > c $ hg ci -Am addmore c $ hg cat b c 1 3 $ hg cat . 1 3 $ hg cat . c 1 3 Test fileset $ hg cat 'set:not(b) or a' 3 $ hg cat 'set:c or b' 1 3 $ mkdir tmp $ hg cat --output tmp/HH_%H c $ hg cat --output tmp/RR_%R c $ hg cat --output tmp/h_%h c $ hg cat --output tmp/r_%r c $ hg cat --output tmp/%s_s c $ hg cat --output tmp/%d%%_d c $ hg cat --output tmp/%p_p c $ hg log -r . --template "{rev}: {node|short}\n" 2: 45116003780e $ find tmp -type f | sort tmp/.%_d tmp/HH_45116003780e3678b333fb2c99fa7d559c8457e9 tmp/RR_2 tmp/c_p tmp/c_s tmp/h_45116003780e tmp/r_2 Test working directory $ echo b-wdir > b $ hg cat -r 'wdir()' b b-wdir