view tests/test-requires.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 4b0fc75f9403 |
children | bd872f64a8ba |
  $ hg init t
  $ cd t
  $ echo a > a
  $ hg add a
  $ hg commit -m test
  $ rm .hg/requires
  $ hg tip
  abort: index 00changelog.i unknown format 2!
  [255]
  $ echo indoor-pool > .hg/requires
  $ hg tip
  abort: repository requires features unknown to this Mercurial: indoor-pool!
  (see https://mercurial-scm.org/wiki/MissingRequirement for more information)
  [255]
  $ echo outdoor-pool >> .hg/requires
  $ hg tip
  abort: repository requires features unknown to this Mercurial: indoor-pool outdoor-pool!
  (see https://mercurial-scm.org/wiki/MissingRequirement for more information)
  [255]
  $ cd ..

Test checking between features supported locally and ones required in
another repository of push/pull/clone on localhost:

  $ mkdir supported-locally
  $ cd supported-locally

  $ hg init supported
  $ echo a > supported/a
  $ hg -R supported commit -Am '#0 at supported'
  adding a

  $ echo 'featuresetup-test' >> supported/.hg/requires
  $ cat > $TESTTMP/supported-locally/supportlocally.py <<EOF
  > from mercurial import localrepo, extensions
  > def featuresetup(ui, supported):
  >     for name, module in extensions.extensions(ui):
  >         if __name__ == module.__name__:
  >             # support specific feature locally
  >             supported |= set(['featuresetup-test'])
  >             return
  > def uisetup(ui):
  >     localrepo.localrepository.featuresetupfuncs.add(featuresetup)
  > EOF
  $ cat > supported/.hg/hgrc <<EOF
  > [extensions]
  > # enable extension locally
  > supportlocally = $TESTTMP/supported-locally/supportlocally.py
  > EOF
  $ hg -R supported status

  $ hg init push-dst
  $ hg -R supported push push-dst
  pushing to push-dst
  abort: required features are not supported in the destination: featuresetup-test
  [255]

  $ hg init pull-src
  $ hg -R pull-src pull supported
  pulling from supported
  abort: required features are not supported in the destination: featuresetup-test
  [255]

  $ hg clone supported clone-dst
  abort: repository requires features unknown to this Mercurial: featuresetup-test!
  (see https://mercurial-scm.org/wiki/MissingRequirement for more information)
  [255]
  $ hg clone --pull supported clone-dst
  abort: required features are not supported in the destination: featuresetup-test
  [255]

  $ cd ..