Mercurial > hg
view tests/test-mq-qgoto.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | bbf544b5f2e9 |
children |
line wrap: on
line source
$ echo "[extensions]" >> $HGRCPATH $ echo "mq=" >> $HGRCPATH $ hg init a $ cd a $ echo a > a $ hg ci -Ama adding a $ hg qnew a.patch $ echo a >> a $ hg qrefresh $ hg qnew b.patch $ echo b > b $ hg add b $ hg qrefresh $ hg qnew c.patch $ echo c > c $ hg add c $ hg qrefresh $ hg qgoto a.patch popping c.patch popping b.patch now at: a.patch $ hg qgoto c.patch applying b.patch applying c.patch now at: c.patch $ hg qgoto b.patch popping c.patch now at: b.patch Using index: $ hg qgoto 0 popping b.patch now at: a.patch $ hg qgoto 2 applying b.patch applying c.patch now at: c.patch No warnings when using index ... and update from non-qtip and with pending changes in unrelated files: $ hg qnew bug314159 $ echo d >> c $ hg qrefresh $ hg qnew bug141421 $ echo e >> b $ hg qrefresh $ hg up -r bug314159 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ echo f >> a $ echo f >> b $ echo f >> c $ hg qgoto 1 abort: local changes found, qrefresh first [255] $ hg qgoto 1 -f popping bug141421 popping bug314159 popping c.patch now at: b.patch $ hg st M a M b ? c.orig $ hg up -qCr. $ hg qgoto 3 applying c.patch applying bug314159 now at: bug314159 Detect ambiguous non-index: $ hg qgoto 14 patch name "14" is ambiguous: bug314159 bug141421 abort: patch 14 not in series [255] $ cd ..