view tests/test-diff-subdir.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 16961d43dc89
children
line wrap: on
line source

  $ hg init

  $ mkdir alpha
  $ touch alpha/one
  $ mkdir beta
  $ touch beta/two

  $ hg add alpha/one beta/two
  $ hg ci -m "start"

  $ echo 1 > alpha/one
  $ echo 2 > beta/two

everything

  $ hg diff --nodates
  diff -r 7d5ef1aea329 alpha/one
  --- a/alpha/one
  +++ b/alpha/one
  @@ -0,0 +1,1 @@
  +1
  diff -r 7d5ef1aea329 beta/two
  --- a/beta/two
  +++ b/beta/two
  @@ -0,0 +1,1 @@
  +2

beta only

  $ hg diff --nodates beta
  diff -r 7d5ef1aea329 beta/two
  --- a/beta/two
  +++ b/beta/two
  @@ -0,0 +1,1 @@
  +2

inside beta

  $ cd beta
  $ hg diff --nodates .
  diff -r 7d5ef1aea329 beta/two
  --- a/beta/two
  +++ b/beta/two
  @@ -0,0 +1,1 @@
  +2

relative to beta

  $ cd ..
  $ hg diff --nodates --root beta
  diff -r 7d5ef1aea329 two
  --- a/two
  +++ b/two
  @@ -0,0 +1,1 @@
  +2

inside beta

  $ cd beta
  $ hg diff --nodates --root .
  diff -r 7d5ef1aea329 two
  --- a/two
  +++ b/two
  @@ -0,0 +1,1 @@
  +2

  $ cd ..