Mercurial Mercurial > hg / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests-subrepo-git: emit a different "pwned" message based on the test stable 3.8.3
authorDanek Duvall <danek.duvall@oracle.com>
Fri, 27 May 2016 15:20:03 -0700
branchstable
changeset 29257 a9764ab80e11
parent 29256 1f8b861ba15c
child 29271 3737f9818133
tests-subrepo-git: emit a different "pwned" message based on the test Having a single "pwned" message which may or may not be emitted during the tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit a more detailed message based on what the expectations are. In both cases, we expect a version of git which has had the vulnerability plugged, as well as a version of mercurial which also knows about GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is unset, meaning that the ext-protocol subrepo should be ignored; if it isn't, there's either a problem with mercurial or the installed copy of git. For the second test, we explicitly allow ext-protocol subrepos, which means that the subrepo will be accessed and a message emitted confirming that this was, in fact, our intention.
tests/test-subrepo-git.t file | annotate | diff | comparison | revisions 
--- a/tests/test-subrepo-git.t	Fri May 27 15:10:38 2016 -0700
+++ b/tests/test-subrepo-git.t	Fri May 27 15:20:03 2016 -0700
@@ -1135,7 +1135,7 @@
 test for Git CVE-2016-3068
   $ hg init malicious-subrepository
   $ cd malicious-subrepository
-  $ echo "s = [git]ext::sh -c echo% pwned% >pwned.txt" > .hgsub
+  $ echo "s = [git]ext::sh -c echo% \$PWNED_MSG% >pwned.txt" > .hgsub
   $ git init s
   Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/
   $ cd s
@@ -1146,26 +1146,29 @@
   $ hg commit -m "add subrepo"
   $ cd ..
   $ rm -f pwned.txt
-  $ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected
+  $ env -u GIT_ALLOW_PROTOCOL \
+  > PWNED_MSG="your git is too old or mercurial has regressed" hg clone \
+  > malicious-subrepository malicious-subrepository-protected
   Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob)
   fatal: transport 'ext' not allowed
   updating to branch default
-  cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt
+  cloning subrepo s from ext::sh -c echo% $PWNED_MSG% >pwned.txt
   abort: git clone error 128 in s (in subrepo s)
   [255]
   $ test -f pwned.txt && cat pwned.txt || true
 
 whitelisting of ext should be respected (that's the git submodule behaviour)
   $ rm -f pwned.txt
-  $ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed
+  $ env GIT_ALLOW_PROTOCOL=ext PWNED_MSG="you asked for it" hg clone \
+  > malicious-subrepository malicious-subrepository-clone-allowed
   Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob)
   fatal: Could not read from remote repository.
   
   Please make sure you have the correct access rights
   and the repository exists.
   updating to branch default
-  cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt
+  cloning subrepo s from ext::sh -c echo% $PWNED_MSG% >pwned.txt
   abort: git clone error 128 in s (in subrepo s)
   [255]
   $ cat pwned.txt
-  pwned
+  you asked for it
Mercurial