Show More
@@ -57,6 +57,10 b' class convert_git(common.converter_sourc' | |||
|
57 | 57 | super(convert_git, self).__init__(ui, path, revs=revs) |
|
58 | 58 | common.commandline.__init__(self, ui, 'git') |
|
59 | 59 | |
|
60 | # Pass an absolute path to git to prevent from ever being interpreted | |
|
61 | # as a URL | |
|
62 | path = os.path.abspath(path) | |
|
63 | ||
|
60 | 64 | if os.path.isdir(path + "/.git"): |
|
61 | 65 | path += "/.git" |
|
62 | 66 | if not os.path.exists(path + "/objects"): |
@@ -714,7 +714,7 b' damage git repository by renaming a comm' | |||
|
714 | 714 | $ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd |
|
715 | 715 | $ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp |
|
716 | 716 | $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' |
|
717 | abort: cannot retrieve number of commits in git-repo4/.git | |
|
717 | abort: cannot retrieve number of commits in $TESTTMP/git-repo4/.git | |
|
718 | 718 | $ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ |
|
719 | 719 | damage git repository by renaming a blob object |
|
720 | 720 | |
@@ -749,5 +749,22 b' test for escaping the repo name (CVE-201' | |||
|
749 | 749 | $ test -f COMMAND-INJECTION |
|
750 | 750 | [1] |
|
751 | 751 | |
|
752 | test for safely passing paths to git (CVE-2016-3105) | |
|
753 | ||
|
754 | $ git init 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' | |
|
755 | Initialized empty Git repository in $TESTTMP/ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #/.git/ | |
|
756 | $ cd 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' | |
|
757 | $ git commit -q --allow-empty -m 'empty' | |
|
758 | $ cd .. | |
|
759 | $ hg convert 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' 'converted-git-ext' | |
|
760 | initializing destination converted-git-ext repository | |
|
761 | scanning source... | |
|
762 | sorting... | |
|
763 | converting... | |
|
764 | 0 empty | |
|
765 | updating bookmarks | |
|
766 | $ test -f GIT-EXT-COMMAND-INJECTION | |
|
767 | [1] | |
|
768 | ||
|
752 | 769 | #endif |
|
753 | 770 |
@@ -422,7 +422,7 b' running from a devel copy, not a temp in' | |||
|
422 | 422 | assuming destination emptydir-hg |
|
423 | 423 | initializing destination emptydir-hg repository |
|
424 | 424 | emptydir does not look like a CVS checkout |
|
425 | emptydir does not look like a Git repository | |
|
425 | $TESTTMP/emptydir does not look like a Git repository | |
|
426 | 426 | emptydir does not look like a Subversion repository |
|
427 | 427 | emptydir is not a local Mercurial repository |
|
428 | 428 | emptydir does not look like a darcs repository |
General Comments 0
You need to be logged in to leave comments.
Login now