view tests/test-encode.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | f2719b387380 |
children | 538353b80676 |
Test encode/decode filters

  $ hg init
  $ cat > .hg/hgrc <<EOF
  > [encode]
  > not.gz = tr [:lower:] [:upper:]
  > *.gz = gzip -d
  > [decode]
  > not.gz = tr [:upper:] [:lower:]
  > *.gz = gzip
  > EOF
  $ echo "this is a test" | gzip > a.gz
  $ echo "this is a test" > not.gz
  $ hg add *
  $ hg ci -m "test"

no changes

  $ hg status
  $ touch *

no changes

  $ hg status

check contents in repo are encoded

  $ hg debugdata a.gz 0
  this is a test
  $ hg debugdata not.gz 0
  THIS IS A TEST

check committed content was decoded

  $ gunzip < a.gz
  this is a test
  $ cat not.gz
  this is a test
  $ rm *
  $ hg co -C
  2 files updated, 0 files merged, 0 files removed, 0 files unresolved

check decoding of our new working dir copy

  $ gunzip < a.gz
  this is a test
  $ cat not.gz
  this is a test

check hg cat operation

  $ hg cat a.gz
  this is a test
  $ hg cat --decode a.gz | gunzip
  this is a test
  $ mkdir subdir
  $ cd subdir
  $ hg -R .. cat ../a.gz
  this is a test
  $ hg -R .. cat --decode ../a.gz | gunzip
  this is a test
  $ cd ..