Mercurial > hg
view tests/test-merge-subrepos.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 0f64af33fb63 |
children | 439b4d005b4a |
line wrap: on
line source
$ hg init $ echo a > a $ hg ci -qAm 'add a' $ hg init subrepo $ echo 'subrepo = http://example.net/libfoo' > .hgsub $ hg ci -qAm 'added subrepo' $ hg up -qC 0 $ echo ax > a $ hg ci -m 'changed a' created new head $ hg up -qC 1 $ cd subrepo $ echo b > b $ hg add b $ cd .. Should fail, since there are added files to subrepo: $ hg merge abort: uncommitted changes in subrepository 'subrepo' [255]