Mercurial > hg
view tests/test-dirstate-nonnormalset.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 127cc7f78475 |
children | ed84a4d48910 |
line wrap: on
line source
$ cat >> $HGRCPATH << EOF > [ui] > logtemplate="{rev}:{node|short} ({phase}) [{tags} {bookmarks}] {desc|firstline}\n" > [extensions] > dirstateparanoidcheck = $TESTDIR/../contrib/dirstatenonnormalcheck.py > [experimental] > nonnormalparanoidcheck = True > [devel] > all-warnings=True > EOF $ mkcommit() { > echo "$1" > "$1" > hg add "$1" > hg ci -m "add $1" > } $ hg init testrepo $ cd testrepo $ mkcommit a $ mkcommit b $ mkcommit c $ hg status