view tests/test-revset-dirstate-parents.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 7d87f672d069 |
children | 7bbc4e113e5f |
  $ HGENCODING=utf-8
  $ export HGENCODING

  $ try() {
  >   hg debugrevspec --debug $@
  > }

  $ log() {
  >   hg log --template '{rev}\n' -r "$1"
  > }

  $ hg init repo
  $ cd repo

  $ try 'p1()'
  (func
    ('symbol', 'p1')
    None)
  * set:
  <baseset []>
  $ try 'p2()'
  (func
    ('symbol', 'p2')
    None)
  * set:
  <baseset []>
  $ try 'parents()'
  (func
    ('symbol', 'parents')
    None)
  * set:
  <baseset+ []>

null revision
  $ log 'p1()'
  $ log 'p2()'
  $ log 'parents()'

working dir with a single parent
  $ echo a > a
  $ hg ci -Aqm0
  $ log 'p1()'
  0
  $ log 'tag() and p1()'
  $ log 'p2()'
  $ log 'parents()'
  0
  $ log 'tag() and parents()'

merge in progress
  $ echo b > b
  $ hg ci -Aqm1
  $ hg up -q 0
  $ echo c > c
  $ hg ci -Aqm2
  $ hg merge -q
  $ log 'p1()'
  2
  $ log 'p2()'
  1
  $ log 'tag() and p2()'
  $ log 'parents()'
  1
  2

  $ cd ..