view tests/test-dirstate-nonnormalset.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 127cc7f78475
children ed84a4d48910
line wrap: on
line source

  $ cat >> $HGRCPATH << EOF
  > [ui]
  > logtemplate="{rev}:{node|short} ({phase}) [{tags} {bookmarks}] {desc|firstline}\n"
  > [extensions]
  > dirstateparanoidcheck = $TESTDIR/../contrib/dirstatenonnormalcheck.py
  > [experimental]
  > nonnormalparanoidcheck = True
  > [devel]
  > all-warnings=True
  > EOF
  $ mkcommit() {
  >    echo "$1" > "$1"
  >    hg add "$1"
  >    hg ci -m "add $1"
  > }

  $ hg init testrepo
  $ cd testrepo
  $ mkcommit a
  $ mkcommit b
  $ mkcommit c
  $ hg status