upstream/mercurial-mirror Files · contrib/simplemerge

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

FUJIWARA Katsunori - - Load All Authors

File last commit:

r28047:863075fd default


                r28663:ae279d4a

3.7.3 stable

Download file

             simplemerge
        
                    66 lines
            
             | 2.1 KiB
            
                | text/plain
            
             |
                TextLexer

/ contrib / simplemerge

History | Annotation | Raw |Copy content |Copy permalink

				#!/usr/bin/env python

				from mercurial import demandimport
				demandimport.enable()

				import sys
				from mercurial.i18n import _
				from mercurial import error, simplemerge, fancyopts, util, ui

				options = [('L', 'label', [], _('labels to use on conflict markers')),
				('a', 'text', None, _('treat all files as text')),
				('p', 'print', None,
				_('print results instead of overwriting LOCAL')),
				('', 'no-minimal', None, _('no effect (DEPRECATED)')),
				('h', 'help', None, _('display help and exit')),
				('q', 'quiet', None, _('suppress output'))]

				usage = _('''simplemerge [OPTS] LOCAL BASE OTHER

				Simple three-way file merge utility with a minimal feature set.

				Apply to LOCAL the changes necessary to go from BASE to OTHER.

				By default, LOCAL is overwritten with the results of this operation.
				''')

				class ParseError(Exception):
				"""Exception raised on errors in parsing the command line."""

				def showhelp():
				sys.stdout.write(usage)
				sys.stdout.write('\noptions:\n')

				out_opts = []
				for shortopt, longopt, default, desc in options:
				out_opts.append(('%2s%s' % (shortopt and '-%s' % shortopt,
				longopt and ' --%s' % longopt),
				'%s' % desc))
				opts_len = max([len(opt[0]) for opt in out_opts])
				for first, second in out_opts:
				sys.stdout.write(' %-*s %s\n' % (opts_len, first, second))

				try:
				for fp in (sys.stdin, sys.stdout, sys.stderr):
				util.setbinary(fp)

				opts = {}
				try:
				args = fancyopts.fancyopts(sys.argv[1:], options, opts)
				except fancyopts.getopt.GetoptError, e:
				raise ParseError(e)
				if opts['help']:
				showhelp()
				sys.exit(0)
				if len(args) != 3:
				raise ParseError(_('wrong number of arguments'))
				sys.exit(simplemerge.simplemerge(ui.ui(), args, *opts))
				except ParseError, e:
				sys.stdout.write("%s: %s\n" % (sys.argv[0], e))
				showhelp()
				sys.exit(1)
				except error.Abort, e:
				sys.stderr.write("abort: %s\n" % e)
				sys.exit(255)
				except KeyboardInterrupt:
				sys.exit(255)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages