Added tag 3.7.3 for changeset
ae279d4a19e9
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
convert: dead code removal - old git calling functions (SEC)
CVE-2016-3069 (3/5)
convert: rewrite calls to Git to use the new shelling mechanism (SEC)
CVE-2016-3069 (2/5)
One test output changed because we were ignoring git return code in numcommits
before.
convert: add new, non-clowny interface for shelling out to git (SEC)
CVE-2016-3069 (1/5)
To avoid shell injection and for the sake of simplicity let's use the
common.commandline for calling git.