Show More
@@ -729,3 +729,20 b' damage git repository by renaming a tree' | |||
|
729 | 729 | $ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp |
|
730 | 730 | $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' |
|
731 | 731 | abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd |
|
732 | ||
|
733 | test for escaping the repo name (CVE-2016-3069) | |
|
734 | ||
|
735 | $ git init '`echo pwned >COMMAND-INJECTION`' | |
|
736 | Initialized empty Git repository in $TESTTMP/`echo pwned >COMMAND-INJECTION`/.git/ | |
|
737 | $ cd '`echo pwned >COMMAND-INJECTION`' | |
|
738 | $ git commit -q --allow-empty -m 'empty' | |
|
739 | $ cd .. | |
|
740 | $ hg convert '`echo pwned >COMMAND-INJECTION`' 'converted' | |
|
741 | initializing destination converted repository | |
|
742 | scanning source... | |
|
743 | sorting... | |
|
744 | converting... | |
|
745 | 0 empty | |
|
746 | updating bookmarks | |
|
747 | $ test -f COMMAND-INJECTION | |
|
748 | [1] |
General Comments 0
You need to be logged in to leave comments.
Login now