Mercurial > hg
view tests/test-update-issue1456.t @ 28663:ae279d4a19e9 stable 3.7.3
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:27:27 -0700 |
parents | 7a9cbb315d84 |
children | 527ce85c2e60 |
line wrap: on
line source
#require execbit $ rm -rf a $ hg init a $ cd a $ echo foo > foo $ hg ci -qAm0 $ echo toremove > toremove $ echo todelete > todelete $ chmod +x foo toremove todelete $ hg ci -qAm1 Test that local removed/deleted, remote removed works with flags $ hg rm toremove $ rm todelete $ hg co -q 0 $ echo dirty > foo $ hg up -c abort: uncommitted changes [255] $ hg up -q $ cat foo dirty $ hg st -A M foo C todelete C toremove Validate update of standalone execute bit change: $ hg up -C 0 1 files updated, 0 files merged, 2 files removed, 0 files unresolved $ chmod -x foo $ hg ci -m removeexec nothing changed [1] $ hg up -C 0 0 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg up 3 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg st $ cd ..