view tests/test-convert-svn-tags.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 7a9cbb315d84 |
children |
#require svn svn-bindings

  $ cat >> $HGRCPATH <<EOF
  > [extensions]
  > convert =
  > EOF

  $ svnadmin create svn-repo
  $ svnadmin load -q svn-repo < "$TESTDIR/svn/tags.svndump"

Convert
  $ hg convert --datesort svn-repo A-hg
  initializing destination A-hg repository
  scanning source...
  sorting...
  converting...
  5 init projA
  4 adda
  3 changea
  2 changea2
  1 changea3
  0 changea
  updating tags

  $ cd A-hg
  $ hg log -G --template '{rev} {desc|firstline} tags: {tags}\n'
  o  6 update tags tags: tip
  |
  o  5 changea tags: trunk.goodtag
  |
  o  4 changea3 tags:
  |
  o  3 changea2 tags: trunk.v1
  |
  o  2 changea tags:
  |
  o  1 adda tags:
  |
  o  0 init projA tags:

  $ hg tags -q
  tip
  trunk.goodtag
  trunk.v1

  $ cd ..

Convert without tags

  $ hg convert --datesort --config convert.svn.tags= svn-repo A-notags-hg
  initializing destination A-notags-hg repository
  scanning source...
  sorting...
  converting...
  5 init projA
  4 adda
  3 changea
  2 changea2
  1 changea3
  0 changea

  $ hg -R A-notags-hg tags -q
  tip