Show More
| @@ -729,3 +729,20 b' damage git repository by renaming a tree' | |||||
| 729 | $ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp |
|
729 | $ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp | |
| 730 | $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' |
|
730 | $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' | |
| 731 | abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd |
|
731 | abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd | |
|
|
732 | ||||
|
|
733 | test for escaping the repo name (CVE-2016-3069) | |||
|
|
734 | ||||
|
|
735 | $ git init '`echo pwned >COMMAND-INJECTION`' | |||
|
|
736 | Initialized empty Git repository in $TESTTMP/`echo pwned >COMMAND-INJECTION`/.git/ | |||
|
|
737 | $ cd '`echo pwned >COMMAND-INJECTION`' | |||
|
|
738 | $ git commit -q --allow-empty -m 'empty' | |||
|
|
739 | $ cd .. | |||
|
|
740 | $ hg convert '`echo pwned >COMMAND-INJECTION`' 'converted' | |||
|
|
741 | initializing destination converted repository | |||
|
|
742 | scanning source... | |||
|
|
743 | sorting... | |||
|
|
744 | converting... | |||
|
|
745 | 0 empty | |||
|
|
746 | updating bookmarks | |||
|
|
747 | $ test -f COMMAND-INJECTION | |||
|
|
748 | [1] | |||
General Comments 0
You need to be logged in to leave comments.
Login now