Mercurial > hg
view tests/test-convert-bzr-114.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 89872688893f |
children | 26127236b229 |
line wrap: on
line source
#require bzr bzr114 $ . "$TESTDIR/bzr-definitions" The file/directory replacement can only be reproduced on bzr >= 1.4. Merge it back in test-convert-bzr-directories once this version becomes mainstream. replace file with dir $ mkdir test-replace-file-with-dir $ cd test-replace-file-with-dir $ bzr init -q source $ cd source $ echo d > d $ bzr add -q d $ bzr commit -q -m 'add d file' $ rm d $ mkdir d $ bzr add -q d $ bzr commit -q -m 'replace with d dir' $ echo a > d/a $ bzr add -q d/a $ bzr commit -q -m 'add d/a' $ cd .. $ hg convert source source-hg initializing destination source-hg repository scanning source... sorting... converting... 2 add d file 1 replace with d dir 0 add d/a $ manifest source-hg tip % manifest of tip 644 d/a $ cd source-hg $ hg update 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd ../..