view tests/test-encode.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents f2719b387380
children 538353b80676
line wrap: on
line source

Test encode/decode filters

  $ hg init
  $ cat > .hg/hgrc <<EOF
  > [encode]
  > not.gz = tr [:lower:] [:upper:]
  > *.gz = gzip -d
  > [decode]
  > not.gz = tr [:upper:] [:lower:]
  > *.gz = gzip
  > EOF
  $ echo "this is a test" | gzip > a.gz
  $ echo "this is a test" > not.gz
  $ hg add *
  $ hg ci -m "test"

no changes

  $ hg status
  $ touch *

no changes

  $ hg status

check contents in repo are encoded

  $ hg debugdata a.gz 0
  this is a test
  $ hg debugdata not.gz 0
  THIS IS A TEST

check committed content was decoded

  $ gunzip < a.gz
  this is a test
  $ cat not.gz
  this is a test
  $ rm *
  $ hg co -C
  2 files updated, 0 files merged, 0 files removed, 0 files unresolved

check decoding of our new working dir copy

  $ gunzip < a.gz
  this is a test
  $ cat not.gz
  this is a test

check hg cat operation

  $ hg cat a.gz
  this is a test
  $ hg cat --decode a.gz | gunzip
  this is a test
  $ mkdir subdir
  $ cd subdir
  $ hg -R .. cat ../a.gz
  this is a test
  $ hg -R .. cat --decode ../a.gz | gunzip
  this is a test

  $ cd ..