Mercurial > hg
view tests/test-execute-bit.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 7a9cbb315d84 |
children | b7fde9237c92 |
line wrap: on
line source
#require execbit $ hg init $ echo a > a $ hg ci -Am'not executable' adding a $ chmod +x a $ hg ci -m'executable' $ hg id 79abf14474dc tip Make sure we notice the change of mode if the cached size == -1: $ hg rm a $ hg revert -r 0 a $ hg debugstate n 0 -1 unset a $ hg status M a $ hg up 0 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg id d69afc33ff8a $ test -x a && echo executable -- bad || echo not executable -- good not executable -- good