Mercurial > hg
view tests/test-hghave.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 342ab95a1f4b |
children | 5af78c524f34 |
line wrap: on
line source
Testing that hghave does not crash when checking features $ hghave --test-features 2>/dev/null Testing hghave extensibility for third party tools $ cat > hghaveaddon.py <<EOF > import hghave > @hghave.check("custom", "custom hghave feature") > def has_custom(): > return True > EOF (invocation via run-tests.py) $ cat > test-hghaveaddon.t <<EOF > #require custom > $ echo foo > foo > EOF $ run-tests.py $HGTEST_RUN_TESTS_PURE test-hghaveaddon.t . # Ran 1 tests, 0 skipped, 0 warned, 0 failed. (invocation via command line) $ unset TESTDIR $ hghave custom (terminate with exit code 2 at failure of importing hghaveaddon.py) $ rm hghaveaddon.* $ cat > hghaveaddon.py <<EOF > importing this file should cause syntax error > EOF $ hghave custom failed to import hghaveaddon.py from '.': invalid syntax (hghaveaddon.py, line 1) [2]