Mercurial > hg
view tests/test-gpg.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 4d2b9b304ad0 |
children | 66e038fb3c0d |
line wrap: on
line source
#require gpg Test the GPG extension $ cat <<EOF >> $HGRCPATH > [extensions] > gpg= > > [gpg] > cmd=gpg --no-permission-warning --no-secmem-warning --no-auto-check-trustdb --homedir "$TESTDIR/gpg" > EOF $ hg init r $ cd r $ echo foo > foo $ hg ci -Amfoo adding foo $ hg sigs $ HGEDITOR=cat hg sign -e 0 signing 0:e63c23eaa88a Added signature for changeset e63c23eaa88a HG: Enter commit message. Lines beginning with 'HG:' are removed. HG: Leave message empty to abort commit. HG: -- HG: user: test HG: branch 'default' HG: added .hgsigs $ hg sigs hgtest 0:e63c23eaa88ae77967edcf4ea194d31167c478b0 $ hg sigcheck 0 e63c23eaa88a is signed by: hgtest verify that this test has not modified the trustdb.gpg file back in the main hg working dir $ md5sum.py "$TESTDIR/gpg/trustdb.gpg" f6b9c78c65fa9536e7512bb2ceb338ae */gpg/trustdb.gpg (glob) don't leak any state to next test run $ rm -f "$TESTDIR/gpg/random_seed" $ cd ..