Mercurial > hg
view tests/test-merge-revert.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 28e2e3804f2e |
children | 55c6ebd11cb9 |
line wrap: on
line source
$ hg init $ echo "added file1" > file1 $ echo "added file2" > file2 $ hg add file1 file2 $ hg commit -m "added file1 and file2" $ echo "changed file1" >> file1 $ hg commit -m "changed file1" $ hg -q log 1:08a16e8e4408 0:d29c767a4b52 $ hg id 08a16e8e4408 tip $ hg update -C 0 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg id d29c767a4b52 $ echo "changed file1" >> file1 $ hg id d29c767a4b52+ $ hg revert --all reverting file1 $ hg diff $ hg status ? file1.orig $ hg id d29c767a4b52 $ hg update 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg diff $ hg status ? file1.orig $ hg id 08a16e8e4408 tip $ hg update -C 0 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ echo "changed file1" >> file1 $ hg update 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg diff $ hg status ? file1.orig $ hg id 08a16e8e4408 tip $ hg revert --all $ hg diff $ hg status ? file1.orig $ hg id 08a16e8e4408 tip $ hg revert -r tip --all $ hg diff $ hg status ? file1.orig $ hg id 08a16e8e4408 tip $ hg update -C 0 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg diff $ hg status ? file1.orig $ hg id 08a16e8e4408 tip