view tests/test-duplicateoptions.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 352abbb0be88
children d289b8847f23
line wrap: on
line source

import os
from mercurial import ui, commands, extensions

ignore = set(['highlight', 'win32text', 'factotum'])

if os.name != 'nt':
    ignore.add('win32mbcs')

disabled = [ext for ext in extensions.disabled().keys() if ext not in ignore]

hgrc = open(os.environ["HGRCPATH"], 'w')
hgrc.write('[extensions]\n')

for ext in disabled:
    hgrc.write(ext + '=\n')

hgrc.close()

u = ui.ui()
extensions.loadall(u)

globalshort = set()
globallong = set()
for option in commands.globalopts:
    option[0] and globalshort.add(option[0])
    option[1] and globallong.add(option[1])

for cmd, entry in commands.table.iteritems():
    seenshort = globalshort.copy()
    seenlong = globallong.copy()
    for option in entry[1]:
        if (option[0] and option[0] in seenshort) or \
           (option[1] and option[1] in seenlong):
            print "command '" + cmd + "' has duplicate option " + str(option)
        seenshort.add(option[0])
        seenlong.add(option[1])