@@ -57,6 +57,10 b' class convert_git(common.converter_sourc' | |||||
57 | super(convert_git, self).__init__(ui, path, revs=revs) |
|
57 | super(convert_git, self).__init__(ui, path, revs=revs) | |
58 | common.commandline.__init__(self, ui, 'git') |
|
58 | common.commandline.__init__(self, ui, 'git') | |
59 |
|
59 | |||
|
60 | # Pass an absolute path to git to prevent from ever being interpreted | |||
|
61 | # as a URL | |||
|
62 | path = os.path.abspath(path) | |||
|
63 | ||||
60 | if os.path.isdir(path + "/.git"): |
|
64 | if os.path.isdir(path + "/.git"): | |
61 | path += "/.git" |
|
65 | path += "/.git" | |
62 | if not os.path.exists(path + "/objects"): |
|
66 | if not os.path.exists(path + "/objects"): |
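Review bot: The comment added above `path = os.path.abspath(path)` drops its object ("to prevent from ever being interpreted") and does not record why a URL reading matters, so a later cleanup could remove the normalisation as redundant. I would word it `# Pass an absolute path to git so that it can never be interpreted as a URL or transport spec (CVE-2016-3105)`. The normalisation also runs after `super(convert_git, self).__init__(ui, path, revs=revs)` has already received the caller's string. If the base class stores that value and later code passes it to git, the guard would not apply; this cannot be checked here because `__init__` continues past the end of the hunk.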
@@ -714,7 +714,7 b' damage git repository by renaming a comm' | |||||
714 | $ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd |
|
714 | $ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd | |
715 | $ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp |
|
715 | $ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp | |
716 | $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' |
|
716 | $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' | |
717 | abort: cannot retrieve number of commits in git-repo4/.git |
|
717 | abort: cannot retrieve number of commits in $TESTTMP/git-repo4/.git | |
718 | $ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ |
|
718 | $ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ | |
719 | damage git repository by renaming a blob object |
|
719 | damage git repository by renaming a blob object | |
720 |
|
720 | |||
@@ -749,5 +749,22 b' test for escaping the repo name (CVE-201' | |||||
749 | $ test -f COMMAND-INJECTION |
|
749 | $ test -f COMMAND-INJECTION | |
750 | [1] |
|
750 | [1] | |
751 |
|
751 | |||
|
752 | test for safely passing paths to git (CVE-2016-3105) | |||
|
753 | ||||
|
754 | $ git init 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' | |||
|
755 | Initialized empty Git repository in $TESTTMP/ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #/.git/ | |||
|
756 | $ cd 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' | |||
|
757 | $ git commit -q --allow-empty -m 'empty' | |||
|
758 | $ cd .. | |||
|
759 | $ hg convert 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' 'converted-git-ext' | |||
|
760 | initializing destination converted-git-ext repository | |||
|
761 | scanning source... | |||
|
762 | sorting... | |||
|
763 | converting... | |||
|
764 | 0 empty | |||
|
765 | updating bookmarks | |||
|
766 | $ test -f GIT-EXT-COMMAND-INJECTION | |||
|
767 | [1] | |||
|
768 | ||||
752 | #endif |
|
769 | #endif | |
753 |
|
770 |
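Review bot: The new CVE-2016-3105 case does not say that the repository directory is deliberately named like a git `ext::` transport spec, nor which result proves the fix. A prose line under the title, such as `the directory name is shaped like an ext:: transport; convert must treat it as a local path and must not create the marker file`, would make that explicit. The negative check `test -f GIT-EXT-COMMAND-INJECTION` only looks in the current directory, so the test leans on the `0 empty` conversion output to show the name was handled as a path; that is presumably sufficient but worth stating. The block sits before an `#endif` whose opening condition is outside the hunk.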
@@ -422,7 +422,7 b' running from a devel copy, not a temp in' | |||||
422 | assuming destination emptydir-hg |
|
422 | assuming destination emptydir-hg | |
423 | initializing destination emptydir-hg repository |
|
423 | initializing destination emptydir-hg repository | |
424 | emptydir does not look like a CVS checkout |
|
424 | emptydir does not look like a CVS checkout | |
425 | emptydir does not look like a Git repository |
|
425 | $TESTTMP/emptydir does not look like a Git repository | |
426 | emptydir does not look like a Subversion repository |
|
426 | emptydir does not look like a Subversion repository | |
427 | emptydir is not a local Mercurial repository |
|
427 | emptydir is not a local Mercurial repository | |
428 | emptydir does not look like a darcs repository |
|
428 | emptydir does not look like a darcs repository |
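Review bot: In this expected output only the Git probe now prints `$TESTTMP/emptydir`, while the CVS, Subversion, Mercurial and darcs probes still print `emptydir`, so the fix changes a user-facing message and leaves the probe output inconsistent. The same shift appears in the `cannot retrieve number of commits` abort line of the git conversion test. If the change is not intended, the caller's original string could be kept for messages and the absolute form used only for what is handed to git, e.g. `abspath = os.path.abspath(path)`. Whether that fits cannot be judged from this page, because the code that produces these messages is not in the visible hunk.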