view tests/test-diff-issue2761.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 73e3e368bd42
children 55c6ebd11cb9
line wrap: on
line source

Test issue2761

  $ hg init

  $ touch to-be-deleted
  $ hg add
  adding to-be-deleted
  $ hg ci -m first
  $ echo a > to-be-deleted
  $ hg ci -m second
  $ rm to-be-deleted
  $ hg diff -r 0

Same issue, different code path

  $ hg up -C
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ touch does-not-exist-in-1
  $ hg add
  adding does-not-exist-in-1
  $ hg ci -m third
  $ rm does-not-exist-in-1
  $ hg diff -r 1