view tests/test-convert-bzr-114.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 89872688893f
children 26127236b229
line wrap: on
line source

#require bzr bzr114

  $ . "$TESTDIR/bzr-definitions"

The file/directory replacement can only be reproduced on
bzr >= 1.4. Merge it back in test-convert-bzr-directories once
this version becomes mainstream.
replace file with dir

  $ mkdir test-replace-file-with-dir
  $ cd test-replace-file-with-dir
  $ bzr init -q source
  $ cd source
  $ echo d > d
  $ bzr add -q d
  $ bzr commit -q -m 'add d file'
  $ rm d
  $ mkdir d
  $ bzr add -q d
  $ bzr commit -q -m 'replace with d dir'
  $ echo a > d/a
  $ bzr add -q d/a
  $ bzr commit -q -m 'add d/a'
  $ cd ..
  $ hg convert source source-hg
  initializing destination source-hg repository
  scanning source...
  sorting...
  converting...
  2 add d file
  1 replace with d dir
  0 add d/a
  $ manifest source-hg tip
  % manifest of tip
  644   d/a
  $ cd source-hg
  $ hg update
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ cd ../..