Mercurial > hg
view tests/test-debian-packages.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 7f49efcaa9b4 |
children | 3c9066ed557c |
line wrap: on
line source
#require test-repo slow debhelper Ensure debuild doesn't run the testsuite, as that could get silly. $ DEB_BUILD_OPTIONS=nocheck $ export DEB_BUILD_OPTIONS $ OUTPUTDIR=`pwd` $ export OUTPUTDIR $ cd "$TESTDIR"/.. $ make deb > $OUTPUTDIR/build.log 2>&1 $ cd $OUTPUTDIR $ ls *.deb mercurial-common_*.deb (glob) mercurial_*.deb (glob) main deb should have .so but no .py $ dpkg --contents mercurial_*.deb | egrep '(localrepo|parsers)' * ./usr/lib/python2.7/dist-packages/mercurial/parsers*.so (glob) mercurial-common should have py but no .so or pyc $ dpkg --contents mercurial-common_*.deb | egrep '(localrepo|parsers)' * ./usr/lib/python2.7/dist-packages/mercurial/localrepo.py (glob)