view tests/test-execute-bit.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 7a9cbb315d84
children b7fde9237c92
line wrap: on
line source

#require execbit

  $ hg init
  $ echo a > a
  $ hg ci -Am'not executable'
  adding a

  $ chmod +x a
  $ hg ci -m'executable'
  $ hg id
  79abf14474dc tip

Make sure we notice the change of mode if the cached size == -1:

  $ hg rm a
  $ hg revert -r 0 a
  $ hg debugstate
  n   0         -1 unset               a
  $ hg status
  M a

  $ hg up 0
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ hg id
  d69afc33ff8a
  $ test -x a && echo executable -- bad || echo not executable -- good
  not executable -- good