Mercurial > hg
view tests/test-duplicateoptions.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 352abbb0be88 |
children | d289b8847f23 |
line wrap: on
line source
import os from mercurial import ui, commands, extensions ignore = set(['highlight', 'win32text', 'factotum']) if os.name != 'nt': ignore.add('win32mbcs') disabled = [ext for ext in extensions.disabled().keys() if ext not in ignore] hgrc = open(os.environ["HGRCPATH"], 'w') hgrc.write('[extensions]\n') for ext in disabled: hgrc.write(ext + '=\n') hgrc.close() u = ui.ui() extensions.loadall(u) globalshort = set() globallong = set() for option in commands.globalopts: option[0] and globalshort.add(option[0]) option[1] and globallong.add(option[1]) for cmd, entry in commands.table.iteritems(): seenshort = globalshort.copy() seenlong = globallong.copy() for option in entry[1]: if (option[0] and option[0] in seenshort) or \ (option[1] and option[1] in seenlong): print "command '" + cmd + "' has duplicate option " + str(option) seenshort.add(option[0]) seenlong.add(option[1])