view tests/test-merge-revert.t @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 28e2e3804f2e
children 55c6ebd11cb9
line wrap: on
line source

  $ hg init

  $ echo "added file1" > file1
  $ echo "added file2" > file2
  $ hg add file1 file2
  $ hg commit -m "added file1 and file2"

  $ echo "changed file1" >> file1
  $ hg commit -m "changed file1"

  $ hg -q log
  1:08a16e8e4408
  0:d29c767a4b52
  $ hg id
  08a16e8e4408 tip

  $ hg update -C 0
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ hg id
  d29c767a4b52
  $ echo "changed file1" >> file1
  $ hg id
  d29c767a4b52+

  $ hg revert --all
  reverting file1
  $ hg diff
  $ hg status
  ? file1.orig
  $ hg id
  d29c767a4b52

  $ hg update
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ hg diff
  $ hg status
  ? file1.orig
  $ hg id
  08a16e8e4408 tip

  $ hg update -C 0
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ echo "changed file1" >> file1

  $ hg update
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ hg diff
  $ hg status
  ? file1.orig
  $ hg id
  08a16e8e4408 tip

  $ hg revert --all
  $ hg diff
  $ hg status
  ? file1.orig
  $ hg id
  08a16e8e4408 tip

  $ hg revert -r tip --all
  $ hg diff
  $ hg status
  ? file1.orig
  $ hg id
  08a16e8e4408 tip

  $ hg update -C
  0 files updated, 0 files merged, 0 files removed, 0 files unresolved
  $ hg diff
  $ hg status
  ? file1.orig
  $ hg id
  08a16e8e4408 tip