convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before the recent refactoring, we were not escaping calls to git at all, which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

File last commit:

r28074:a1924bc6 default
r28663:ae279d4a 3.7.3 stable
posplit
#!/usr/bin/env python
#
# posplit - split messages in paragraphs on .po/.pot files
#
# license: MIT/X11/Expat
#
import re
import sys
import polib
def addentry(po, entry, cache):
    """Append *entry* to *po*, or fold it into an entry with the same msgid.

    *cache* maps a msgid to the entry already stored for it. When the msgid
    is already cached, only the occurrences of *entry* are added to the
    stored entry; otherwise *entry* is appended to *po* and cached.
    """
    known = cache.get(entry.msgid)
    if not known:
        # first time this msgid is seen: keep the entry and remember it
        po.append(entry)
        cache[entry.msgid] = entry
        return
    # duplicate msgid: record the extra source locations on the kept entry
    known.occurrences.extend(entry.occurrences)
def mkentry(orig, delta, msgid, msgstr):
    """Build a new polib entry derived from *orig* for a single paragraph.

    The new entry is merged from *orig*, then gets *msgid* and *msgstr*
    (falling back to the values of *orig* when either is empty). Every
    occurrence line number of *orig* is shifted by *delta*.
    """
    entry = polib.POEntry()
    entry.merge(orig)
    entry.msgid = msgid if msgid else orig.msgid
    entry.msgstr = msgstr if msgstr else orig.msgstr
    shifted = []
    for path, lineno in orig.occurrences:
        # line numbers are passed through int() before the offset is added
        shifted.append((path, int(lineno) + delta))
    entry.occurrences = shifted
    return entry
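if __name__ == "__main__":
    # Split each message of the catalog named by sys.argv[1] into one entry
    # per paragraph (paragraphs are separated by a blank line), merge
    # duplicate paragraphs through addentry(), and save the catalog.
    po = polib.pofile(sys.argv[1])

    cache = {}  # msgid -> entry already appended to po
    entries = po[:]
    po[:] = []
    findd = re.compile(r' *\.\. (\w+)::')  # for finding directives
    for entry in entries:
        msgids = entry.msgid.split(u'\n\n')
        if entry.msgstr:
            msgstrs = entry.msgstr.split(u'\n\n')
        else:
            msgstrs = [u''] * len(msgids)

        if len(msgids) != len(msgstrs):
            # places the whole existing translation as a fuzzy
            # translation for each paragraph, to give the
            # translator a chance to recover part of the old
            # translation - erasing extra paragraphs is
            # probably better than retranslating all from start
            if 'fuzzy' not in entry.flags:
                entry.flags.append('fuzzy')
            msgstrs = [entry.msgstr] * len(msgids)

        # delta is the line offset of the current paragraph inside the
        # original message; mkentry() adds it to the occurrence line numbers
        delta = 0
        for msgid, msgstr in zip(msgids, msgstrs):
            # lines consumed by this paragraph: its own newlines plus the
            # two newlines of the blank-line separator it was split on
            advance = 2 + msgid.count('\n')
            if msgid and msgid != '::':
                newentry = mkentry(entry, delta, msgid, msgstr)
                mdirective = findd.match(msgid)
                if mdirective:
                    if not msgid[mdirective.end():].rstrip():
                        # only directive, nothing to translate here;
                        # still advance delta so that the paragraphs that
                        # follow keep correct line numbers
                        delta += advance
                        continue
                    directive = mdirective.group(1)
                    if directive in ('container', 'include'):
                        if msgid.rstrip('\n').count('\n') == 0:
                            # only rst syntax, nothing to translate;
                            # advance delta as for any other paragraph
                            delta += advance
                            continue
                        else:
                            # lines following directly, unexpected
                            print('Warning: text follows line with directive'
                                  ' %s' % directive)
                    comment = 'do not translate: .. %s::' % directive
                    if not newentry.comment:
                        newentry.comment = comment
                    elif comment not in newentry.comment:
                        newentry.comment += '\n' + comment
                addentry(po, newentry, cache)
            delta += advance
    po.save()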