Mercurial > hg
view tests/test-clone-cgi.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 7a9cbb315d84 |
children | 75be14993fda |
line wrap: on
line source
#require no-msys # MSYS will translate web paths as if they were file paths This is a test of the wire protocol over CGI-based hgweb. initialize repository $ hg init test $ cd test $ echo a > a $ hg ci -Ama adding a $ cd .. $ cat >hgweb.cgi <<HGWEB > # > # An example CGI script to use hgweb, edit as necessary > import cgitb > cgitb.enable() > from mercurial import demandimport; demandimport.enable() > from mercurial.hgweb import hgweb > from mercurial.hgweb import wsgicgi > application = hgweb("test", "Empty test repository") > wsgicgi.launch(application) > HGWEB $ chmod 755 hgweb.cgi try hgweb request $ . "$TESTDIR/cgienv" $ QUERY_STRING="cmd=changegroup&roots=0000000000000000000000000000000000000000"; export QUERY_STRING $ python hgweb.cgi >page1 2>&1 $ python "$TESTDIR/md5sum.py" page1 1f424bb22ec05c3c6bc866b6e67efe43 page1 make sure headers are sent even when there is no body $ QUERY_STRING="cmd=listkeys&namespace=nosuchnamespace" python hgweb.cgi Status: 200 Script output follows\r (esc) Content-Type: application/mercurial-0.1\r (esc) Content-Length: 0\r (esc) \r (esc)