view tests/test-ui-color.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents ff1586a3adc5
children 2e5be704bc96
line wrap: on
line source

import os
from hgext import color
from mercurial import dispatch, ui

# ensure errors aren't buffered
testui = color.colorui()
testui.pushbuffer()
testui.write(('buffered\n'))
testui.warn(('warning\n'))
testui.write_err('error\n')
print repr(testui.popbuffer())

# test dispatch.dispatch with the same ui object
hgrc = open(os.environ["HGRCPATH"], 'w')
hgrc.write('[extensions]\n')
hgrc.write('color=\n')
hgrc.close()

ui_ = ui.ui()
ui_.setconfig('ui', 'formatted', 'True')

# we're not interested in the output, so write that to devnull
ui_.fout = open(os.devnull, 'w')

# call some arbitrary command just so we go through
# color's wrapped _runcommand twice.
def runcmd():
    dispatch.dispatch(dispatch.request(['version', '-q'], ui_))

runcmd()
print "colored? " + str(issubclass(ui_.__class__, color.colorui))
runcmd()
print "colored? " + str(issubclass(ui_.__class__, color.colorui))