view tests/test-convert-bzr-treeroot.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 89872688893f |
children | 75be14993fda |
#require bzr

  $ . "$TESTDIR/bzr-definitions"
  $ cat > treeset.py <<EOF
  > import sys
  > from bzrlib import workingtree
  > wt = workingtree.WorkingTree.open('.')
  >
  > message, rootid = sys.argv[1:]
  > wt.set_root_id('tree_root-%s' % rootid)
  > wt.commit(message)
  > EOF

change the id of the tree root

  $ mkdir test-change-treeroot-id
  $ cd test-change-treeroot-id
  $ bzr init -q source
  $ cd source
  $ echo content > file
  $ bzr add -q file
  $ bzr commit -q -m 'Initial add'
  $ python ../../treeset.py 'Changed root' new
  $ cd ..
  $ hg convert source source-hg
  initializing destination source-hg repository
  scanning source...
  sorting...
  converting...
  1 Initial add
  0 Changed root
  $ manifest source-hg tip
  % manifest of tip
  644 file
  $ cd ..