Mercurial > hg
view tests/test-pull-update.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 216cc65cf227 |
children | 6b1fc09c699a |
line wrap: on
line source
$ hg init t $ cd t $ echo 1 > foo $ hg ci -Am m adding foo $ cd .. $ hg clone t tt updating to branch default 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd tt $ echo 1.1 > foo $ hg ci -Am m $ cd ../t $ echo 1.2 > foo $ hg ci -Am m Should not update: $ hg pull -u ../tt pulling from ../tt searching for changes adding changesets adding manifests adding file changes added 1 changesets with 1 changes to 1 files (+1 heads) abort: not updating: not a linear update (merge or update --check to force update) [255] $ cd ../tt Should not update: $ hg pull -u ../t pulling from ../t searching for changes adding changesets adding manifests adding file changes added 1 changesets with 1 changes to 1 files (+1 heads) abort: not updating: not a linear update (merge or update --check to force update) [255] $ HGMERGE=true hg merge merging foo 0 files updated, 1 files merged, 0 files removed, 0 files unresolved (branch merge, don't forget to commit) $ hg ci -mm $ cd ../t Should work: $ hg pull -u ../tt pulling from ../tt searching for changes adding changesets adding manifests adding file changes added 1 changesets with 1 changes to 1 files (-1 heads) 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd ..