Mercurial > hg
view tests/test-merge4.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 63c817ea4a70 |
children | 8561ad49915d |
line wrap: on
line source
$ hg init $ echo This is file a1 > a $ hg add a $ hg commit -m "commit #0" $ echo This is file b1 > b $ hg add b $ hg commit -m "commit #1" $ hg update 0 0 files updated, 0 files merged, 1 files removed, 0 files unresolved $ echo This is file c1 > c $ hg add c $ hg commit -m "commit #2" created new head $ hg merge 1 1 files updated, 0 files merged, 0 files removed, 0 files unresolved (branch merge, don't forget to commit) $ rm b $ echo This is file c22 > c Test hg behaves when committing with a missing file added by a merge $ hg commit -m "commit #3" abort: cannot commit merge with missing files [255]