Mercurial > hg
view tests/test-debugindexdot.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | a03c3ba3e4b5 |
children | 435481393198 |
line wrap: on
line source
Just exercise debugindexdot Create a short file history including a merge. $ hg init t $ cd t $ echo a > a $ hg ci -qAm t1 -d '0 0' $ echo a >> a $ hg ci -m t2 -d '1 0' $ hg up -qC 0 $ echo b >> a $ hg ci -m t3 -d '2 0' created new head $ HGMERGE=true hg merge -q $ hg ci -m merge -d '3 0' $ hg debugindexdot .hg/store/data/a.i digraph G { -1 -> 0 0 -> 1 0 -> 2 2 -> 3 1 -> 3 } $ cd ..