view tests/test-empty-dir.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 3b165c127690
children
line wrap: on
line source

  $ hg init

  $ echo 123 > a
  $ hg add a
  $ hg commit -m "first" a

  $ mkdir sub
  $ echo 321 > sub/b
  $ hg add sub/b
  $ hg commit -m "second" sub/b

  $ cat sub/b
  321

  $ hg co 0
  0 files updated, 0 files merged, 1 files removed, 0 files unresolved

  $ cat sub/b 2>/dev/null || echo "sub/b not present"
  sub/b not present

  $ test -d sub || echo "sub not present"
  sub not present