Mercurial > hg
view tests/test-simple-update.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | f2719b387380 |
children | 92bca12328d1 |
line wrap: on
line source
$ hg init test $ cd test $ echo foo>foo $ hg addremove adding foo $ hg commit -m "1" $ hg verify checking changesets checking manifests crosschecking files in changesets and manifests checking files 1 files, 1 changesets, 1 total revisions $ hg clone . ../branch updating to branch default 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd ../branch $ hg co 0 files updated, 0 files merged, 0 files removed, 0 files unresolved $ echo bar>>foo $ hg commit -m "2" $ cd ../test $ hg pull ../branch pulling from ../branch searching for changes adding changesets adding manifests adding file changes added 1 changesets with 1 changes to 1 files (run 'hg update' to get a working copy) $ hg verify checking changesets checking manifests crosschecking files in changesets and manifests checking files 1 files, 2 changesets, 2 total revisions $ hg co 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cat foo foo bar $ hg manifest --debug 6f4310b00b9a147241b071a60c28a650827fb03d 644 foo update to rev 0 with a date $ hg upd -d foo 0 abort: you can't specify a revision and a date [255] $ cd ..