Mercurial > hg
view tests/test-eol-tag.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 2fc86d92c4a9 |
children |
line wrap: on
line source
https://bz.mercurial-scm.org/2493 Testing tagging with the EOL extension $ cat >> $HGRCPATH <<EOF > [extensions] > eol = > > [eol] > native = CRLF > EOF setup repository $ hg init repo $ cd repo $ cat > .hgeol <<EOF > [patterns] > ** = native > EOF $ printf "first\r\nsecond\r\nthird\r\n" > a.txt $ hg commit --addremove -m 'checkin' adding .hgeol adding a.txt Tag: $ hg tag 1.0 Rewrite .hgtags file as it would look on a new checkout: $ hg update -q null $ hg update -q Touch .hgtags file again: $ hg tag 2.0 $ cd ..