##// END OF EJS Templates
convert: test for shell injection in git calls (SEC)...
convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

File last commit:

r28351:42a7301f default
r28663:ae279d4a 3.7.3 stable
Show More
casesmash.py
34 lines | 884 B | text/x-python | PythonLexer
Simon Heimberg
cleanup: remove unused imports...
r19322 import os, __builtin__
Matt Mackall
merge with stable
r14730 from mercurial import util
def lowerwrap(scope, funcname):
f = getattr(scope, funcname)
def wrap(fname, *args, **kwargs):
d, base = os.path.split(fname)
try:
files = os.listdir(d or '.')
Simon Heimberg
cleanup: drop unused variables and an unused import
r19378 except OSError:
Matt Mackall
merge with stable
r14730 files = []
if base in files:
return f(fname, *args, **kwargs)
for fn in files:
if fn.lower() == base.lower():
return f(os.path.join(d, fn), *args, **kwargs)
return f(fname, *args, **kwargs)
scope.__dict__[funcname] = wrap
def normcase(path):
return path.lower()
os.path.normcase = normcase
for f in 'file open'.split():
lowerwrap(__builtin__, f)
for f in "chmod chown open lstat stat remove unlink".split():
lowerwrap(os, f)
for f in "exists lexists".split():
lowerwrap(os.path, f)
lowerwrap(util, 'posixfile')