view tests/test-debian-packages.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 7f49efcaa9b4
children 3c9066ed557c
line wrap: on
line source

#require test-repo slow debhelper

Ensure debuild doesn't run the testsuite, as that could get silly.
  $ DEB_BUILD_OPTIONS=nocheck
  $ export DEB_BUILD_OPTIONS
  $ OUTPUTDIR=`pwd`
  $ export OUTPUTDIR

  $ cd "$TESTDIR"/..
  $ make deb > $OUTPUTDIR/build.log 2>&1
  $ cd $OUTPUTDIR
  $ ls *.deb
  mercurial-common_*.deb (glob)
  mercurial_*.deb (glob)
main deb should have .so but no .py
  $ dpkg --contents mercurial_*.deb | egrep '(localrepo|parsers)'
  * ./usr/lib/python2.7/dist-packages/mercurial/parsers*.so (glob)
mercurial-common should have py but no .so or pyc
  $ dpkg --contents mercurial-common_*.deb | egrep '(localrepo|parsers)'
  * ./usr/lib/python2.7/dist-packages/mercurial/localrepo.py (glob)