Mercurial > hg
view tests/test-context.py.out @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | bfce25d25c96 |
children | 59aec562a50b |
line wrap: on
line source
workingfilectx.date = (1000, 0) ASCII : Gr?ezi! Latin-1 : Grüezi! UTF-8 : Grüezi! <status modified=['foo'], added=[], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> diff --git a/foo b/foo --- a/foo +++ b/foo @@ -1,1 +1,2 @@ foo +bar = checking context.status(): == checking workingctx.status: wctx._status=<status modified=['bar-m'], added=['bar-a'], removed=['bar-r'], deleted=[], unknown=[], ignored=[], clean=[]> === with "pattern match": <status modified=['bar-m'], added=[], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> wctx._status=<status modified=['bar-m'], added=['bar-a'], removed=['bar-r'], deleted=[], unknown=[], ignored=[], clean=[]> <status modified=[], added=['bar-m'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> wctx._status=<status modified=['bar-m'], added=['bar-a'], removed=['bar-r'], deleted=[], unknown=[], ignored=[], clean=[]> === with "always match" and "listclean=True": <status modified=['bar-m'], added=['bar-a'], removed=['bar-r'], deleted=[], unknown=[], ignored=[], clean=['foo']> wctx._status=<status modified=['bar-m'], added=['bar-a'], removed=['bar-r'], deleted=[], unknown=[], ignored=[], clean=[]> <status modified=[], added=['bar-a', 'bar-m'], removed=[], deleted=[], unknown=[], ignored=[], clean=['foo']> wctx._status=<status modified=['bar-m'], added=['bar-a'], removed=['bar-r'], deleted=[], unknown=[], ignored=[], clean=[]> == checking workingcommitctx.status: wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> === with "always match": <status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> <status modified=[], added=['bar-a', 'bar-m', 'bar-r'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> === with "always match" and "listclean=True": <status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=['bar-r', 'foo']> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> <status modified=[], added=['bar-a', 'bar-m', 'bar-r'], removed=[], deleted=[], unknown=[], ignored=[], clean=['foo']> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> === with "pattern match": <status modified=['bar-m'], added=[], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> <status modified=[], added=['bar-m'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> === with "pattern match" and "listclean=True": <status modified=[], added=[], removed=[], deleted=[], unknown=[], ignored=[], clean=['bar-r', 'foo']> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]> <status modified=[], added=['bar-r'], removed=[], deleted=[], unknown=[], ignored=[], clean=['foo']> wcctx._status=<status modified=['bar-m'], added=['bar-a'], removed=[], deleted=[], unknown=[], ignored=[], clean=[]>