view tests/test-convert-authormap.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC)

CVE-2016-3069 (5/5)

Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents a0cbbf78c31a
children 4441705b7111


  $ cat >> $HGRCPATH <<EOF
  > [extensions]
  > convert=
  > EOF

Prepare orig repo

  $ hg init orig
  $ cd orig
  $ echo foo > foo
  $ HGUSER='user name' hg ci -qAm 'foo'
  $ cd ..

Explicit --authors

  $ cat > authormap.txt <<EOF
  > user name = Long User Name
  > 
  > # comment
  > this line is ignored
  > EOF
  $ hg convert --authors authormap.txt orig new
  initializing destination new repository
  ignoring bad line in author map file authormap.txt: this line is ignored
  scanning source...
  sorting...
  converting...
  0 foo
  writing author map file $TESTTMP/new/.hg/authormap (glob)
  $ cat new/.hg/authormap
  user name=Long User Name
  $ hg -Rnew log
  changeset:   0:d89716e88087
  tag:         tip
  user:        Long User Name
  date:        Thu Jan 01 00:00:00 1970 +0000
  summary:     foo
  
  $ rm -rf new

Implicit .hg/authormap

  $ hg init new
  $ mv authormap.txt new/.hg/authormap
  $ hg convert orig new
  ignoring bad line in author map file $TESTTMP/new/.hg/authormap: this line is ignored (glob)
  scanning source...
  sorting...
  converting...
  0 foo
  $ hg -Rnew log
  changeset:   0:d89716e88087
  tag:         tip
  user:        Long User Name
  date:        Thu Jan 01 00:00:00 1970 +0000
  summary:     foo