Mercurial > hg
view tests/test-issue612.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 2fc86d92c4a9 |
children | 4441705b7111 |
line wrap: on
line source
https://bz.mercurial-scm.org/612 $ hg init $ mkdir src $ echo a > src/a.c $ hg ci -Ama adding src/a.c $ hg mv src source moving src/a.c to source/a.c (glob) $ hg ci -Ammove $ hg co -C 0 1 files updated, 0 files merged, 1 files removed, 0 files unresolved $ echo new > src/a.c $ echo compiled > src/a.o $ hg ci -mupdate created new head $ hg status ? src/a.o $ hg merge merging src/a.c and source/a.c to source/a.c 0 files updated, 1 files merged, 0 files removed, 0 files unresolved (branch merge, don't forget to commit) $ hg status M source/a.c R src/a.c ? src/a.o