Mercurial > hg
view tests/test-hg-parseurl.py @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
| author | Mateusz Kwapich <mitrandir@fb.com> |
|---|---|
| date | Tue, 22 Mar 2016 17:27:27 -0700 |
| parents | 375872fdadba |
| children | 8a23f88131c3 |
line wrap: on
line source
from mercurial.hg import parseurl def testparse(url, branch=[]): print '%s, branches: %r' % parseurl(url, branch) testparse('http://example.com/no/anchor') testparse('http://example.com/an/anchor#foo') testparse('http://example.com/no/anchor/branches', branch=['foo']) testparse('http://example.com/an/anchor/branches#bar', branch=['foo']) testparse('http://example.com/an/anchor/branches-None#foo', branch=None) testparse('http://example.com/') testparse('http://example.com') testparse('http://example.com#foo')