upstream/mercurial-mirror Files · tests

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Mateusz Kwapich -


            r28663:ae279d4a

Name	Size	Modified	Last Commit	Author
/ tests
blacklists
bundles
gpg
svn
README	Loading ...
autodiff.py	Loading ...
binfile.bin	Loading ...
bzr-definitions	Loading ...
cgienv	Loading ...
dumbhttp.py	Loading ...
dummyssh	Loading ...
f	Loading ...
failfilemerge.py	Loading ...
fakedirstatewritetime.py	Loading ...
fakemergerecord.py	Loading ...
fakepatchtime.py	Loading ...
filterpyflakes.py	Loading ...
generate-working-copy-states.py	Loading ...
get-with-headers.py	Loading ...
heredoctest.py	Loading ...
hghave	Loading ...
hghave.py	Loading ...
hgterm.ti	Loading ...
hgweberror.py	Loading ...
histedit-helpers.sh	Loading ...
hypothesishelpers.py	Loading ...
killdaemons.py	Loading ...
lockdelay.py	Loading ...
md5sum.py	Loading ...
missing-comment.hg	Loading ...
mockblackbox.py	Loading ...
notcapable	Loading ...
printenv.py	Loading ...
readlink.py	Loading ...
revlog-formatv0.py	Loading ...
run-tests.py	Loading ...
seq.py	Loading ...
silenttestrunner.py	Loading ...
sitecustomize.py	Loading ...
svn-safe-append.py	Loading ...
svnxml.py	Loading ...
test-1102.t	Loading ...
test-1993.t	Loading ...
test-586.t	Loading ...
test-abort-checkin.t	Loading ...
test-acl.t	Loading ...
test-add.t	Loading ...
test-addremove-similar.t	Loading ...
test-addremove.t	Loading ...
test-alias.t	Loading ...
test-ancestor.py	Loading ...
test-ancestor.py.out	Loading ...
test-annotate.t	Loading ...
test-archive-symlinks.t	Loading ...
test-archive.t	Loading ...
test-atomictempfile.py	Loading ...
test-audit-path.t	Loading ...
test-backout.t	Loading ...
test-backwards-remove.t	Loading ...
test-bad-extension.t	Loading ...
test-bad-pull.t	Loading ...
test-basic.t	Loading ...
test-batching.py	Loading ...
test-batching.py.out	Loading ...
test-bdiff.py	Loading ...
test-bdiff.py.out	Loading ...
test-bheads.t	Loading ...
test-bisect.t	Loading ...
test-bisect2.t	Loading ...
test-bisect3.t	Loading ...
test-blackbox.t	Loading ...
test-bookmarks-current.t	Loading ...
test-bookmarks-merge.t	Loading ...
test-bookmarks-pushpull.t	Loading ...
test-bookmarks-rebase.t	Loading ...
test-bookmarks-strip.t	Loading ...
test-bookmarks.t	Loading ...
test-branch-option.t	Loading ...
test-branch-tag-confict.t	Loading ...
test-branches.t	Loading ...
test-bundle-r.t	Loading ...
test-bundle-type.t	Loading ...
test-bundle-vs-outgoing.t	Loading ...
test-bundle.t	Loading ...
test-bundle2-exchange.t	Loading ...
test-bundle2-format.t	Loading ...
test-bundle2-multiple-changegroups.t	Loading ...
test-bundle2-pushback.t	Loading ...
test-bundle2-remote-changegroup.t	Loading ...
test-casecollision-merge.t	Loading ...
test-casecollision.t	Loading ...
test-casefolding.t	Loading ...
test-cat.t	Loading ...
test-censor.t	Loading ...
test-changelog-exec.t	Loading ...
test-check-code.t	Loading ...
test-check-commit.t	Loading ...
test-check-config.t	Loading ...
test-check-execute.t	Loading ...
test-check-py3-compat.t	Loading ...
test-check-pyflakes.t	Loading ...
test-children.t	Loading ...
test-churn.t	Loading ...
test-clone-cgi.t	Loading ...
test-clone-pull-corruption.t	Loading ...
test-clone-r.t	Loading ...
test-clone-uncompressed.t	Loading ...
test-clone-update-order.t	Loading ...
test-clone.t	Loading ...
test-clonebundles.t	Loading ...
test-command-template.t	Loading ...
test-commandserver.t	Loading ...
test-commit-amend.t	Loading ...
test-commit-interactive-curses.t	Loading ...
test-commit-interactive.t	Loading ...
test-commit-multiple.t	Loading ...
test-commit-unresolved.t	Loading ...
test-commit.t	Loading ...
test-committer.t	Loading ...
test-completion.t	Loading ...
test-config.t	Loading ...
test-conflict.t	Loading ...
test-confused-revert.t	Loading ...
test-context.py	Loading ...
test-context.py.out	Loading ...
test-contrib-check-code.t	Loading ...
test-contrib-check-commit.t	Loading ...
test-contrib-perf.t	Loading ...
test-contrib.t	Loading ...
test-convert-authormap.t	Loading ...
test-convert-baz.t	Loading ...
test-convert-bzr-114.t	Loading ...
test-convert-bzr-directories.t	Loading ...
test-convert-bzr-ghosts.t	Loading ...
test-convert-bzr-merges.t	Loading ...
test-convert-bzr-treeroot.t	Loading ...
test-convert-bzr.t	Loading ...
test-convert-clonebranches.t	Loading ...
test-convert-cvs-branch.t	Loading ...
test-convert-cvs-detectmerge.t	Loading ...
test-convert-cvs-synthetic.t	Loading ...
test-convert-cvs.t	Loading ...
test-convert-cvsnt-mergepoints.rlog	Loading ...
test-convert-cvsnt-mergepoints.t	Loading ...
test-convert-darcs.t	Loading ...
test-convert-datesort.t	Loading ...
test-convert-filemap.t	Loading ...
test-convert-git.t	Loading ...
test-convert-hg-sink.t	Loading ...
test-convert-hg-source.t	Loading ...
test-convert-hg-startrev.t	Loading ...
test-convert-hg-svn.t	Loading ...
test-convert-mtn.t	Loading ...
test-convert-p4-filetypes.t	Loading ...
test-convert-p4.t	Loading ...
test-convert-splicemap.t	Loading ...
test-convert-svn-branches.t	Loading ...
test-convert-svn-encoding.t	Loading ...
test-convert-svn-move.t	Loading ...
test-convert-svn-sink.t	Loading ...
test-convert-svn-source.t	Loading ...
test-convert-svn-startrev.t	Loading ...
test-convert-svn-tags.t	Loading ...
test-convert-tagsbranch-topology.t	Loading ...
test-convert-tla.t	Loading ...
test-convert.t	Loading ...
test-copy-move-merge.t	Loading ...
test-copy.t	Loading ...
test-ctxmanager.py	Loading ...
test-custom-filters.t	Loading ...
test-debian-packages.t	Loading ...
test-debugbuilddag.t	Loading ...
test-debugbundle.t	Loading ...
test-debugcommands.t	Loading ...
test-debugextensions.t	Loading ...
test-debugindexdot.t	Loading ...
test-debugrename.t	Loading ...
test-default-push.t	Loading ...
test-demandimport.py	Loading ...
test-demandimport.py.out	Loading ...
test-devel-warnings.t	Loading ...
test-diff-binary-file.t	Loading ...
test-diff-change.t	Loading ...
test-diff-color.t	Loading ...
test-diff-copy-depth.t	Loading ...
test-diff-hashes.t	Loading ...
test-diff-ignore-whitespace.t	Loading ...
test-diff-issue2761.t	Loading ...
test-diff-newlines.t	Loading ...
test-diff-reverse.t	Loading ...
test-diff-subdir.t	Loading ...
test-diff-unified.t	Loading ...
test-diff-upgrade.t	Loading ...
test-diffdir.t	Loading ...
test-diffstat.t	Loading ...
test-dirstate-nonnormalset.t	Loading ...
test-dirstate-race.t	Loading ...
test-dirstate.t	Loading ...
test-dispatch.py	Loading ...
test-dispatch.py.out	Loading ...
test-dispatch.t	Loading ...
test-docker-packaging.t	Loading ...
test-doctest.py	Loading ...
test-double-merge.t	Loading ...
test-duplicateoptions.py	Loading ...
test-empty-dir.t	Loading ...
test-empty-file.t	Loading ...
test-empty-group.t	Loading ...
test-empty.t	Loading ...
test-encode.t	Loading ...
test-encoding-align.t	Loading ...
test-encoding-textwrap.t	Loading ...
test-encoding.t	Loading ...
test-eol-add.t	Loading ...
test-eol-clone.t	Loading ...
test-eol-hook.t	Loading ...
test-eol-patch.t	Loading ...
test-eol-tag.t	Loading ...
test-eol-update.t	Loading ...
test-eol.t	Loading ...
test-eolfilename.t	Loading ...
test-excessive-merge.t	Loading ...
test-execute-bit.t	Loading ...
test-export.t	Loading ...
test-extdiff.t	Loading ...
test-extension.t	Loading ...
test-extra-filelog-entry.t	Loading ...
test-fetch.t	Loading ...
test-filebranch.t	Loading ...
test-filecache.py	Loading ...
test-filecache.py.out	Loading ...
test-filelog.py	Loading ...
test-filelog.py.out	Loading ...
test-fileset-generated.t	Loading ...
test-fileset.t	Loading ...
test-flags.t	Loading ...
test-fncache.t	Loading ...
test-gendoc.t	Loading ...
test-generaldelta.t	Loading ...
test-getbundle.t	Loading ...
test-git-export.t	Loading ...
test-globalopts.t	Loading ...
test-glog-topological.t	Loading ...
test-glog.t	Loading ...
test-gpg.t	Loading ...
test-graft.t	Loading ...
test-grep.t	Loading ...
test-hardlinks.t	Loading ...
test-help.t	Loading ...
test-hg-parseurl.py	Loading ...
test-hg-parseurl.py.out	Loading ...
test-hgcia.t	Loading ...
test-hghave.t	Loading ...
test-hgignore.t	Loading ...
test-hgk.t	Loading ...
test-hgrc.t	Loading ...
test-hgweb-auth.py	Loading ...
test-hgweb-auth.py.out	Loading ...
test-hgweb-bundle.t	Loading ...
test-hgweb-commands.t	Loading ...
test-hgweb-descend-empties.t	Loading ...
test-hgweb-diffs.t	Loading ...
test-hgweb-empty.t	Loading ...
test-hgweb-filelog.t	Loading ...
test-hgweb-json.t	Loading ...
test-hgweb-no-path-info.t	Loading ...
test-hgweb-no-request-uri.t	Loading ...
test-hgweb-non-interactive.t	Loading ...
test-hgweb-raw.t	Loading ...
test-hgweb-removed.t	Loading ...
test-hgweb-symrev.t	Loading ...
test-hgweb.t	Loading ...
test-hgwebdir-paths.py	Loading ...
test-hgwebdir.t	Loading ...
test-hgwebdirsym.t	Loading ...
test-highlight.t	Loading ...
test-histedit-arguments.t	Loading ...
test-histedit-base.t	Loading ...
test-histedit-bookmark-motion.t	Loading ...
test-histedit-commute.t	Loading ...
test-histedit-drop.t	Loading ...
test-histedit-edit.t	Loading ...
test-histedit-fold-non-commute.t	Loading ...
test-histedit-fold.t	Loading ...
test-histedit-no-change.t	Loading ...
test-histedit-non-commute-abort.t	Loading ...
test-histedit-non-commute.t	Loading ...
test-histedit-obsolete.t	Loading ...
test-histedit-outgoing.t	Loading ...
test-hook.t	Loading ...
test-http-branchmap.t	Loading ...
test-http-bundle1.t	Loading ...
test-http-clone-r.t	Loading ...
test-http-proxy.t	Loading ...
test-http.t	Loading ...
test-https.t	Loading ...
test-hybridencode.py	Loading ...
test-hybridencode.py.out	Loading ...
test-i18n.t	Loading ...
test-identify.t	Loading ...
test-impexp-branch.t	Loading ...
test-import-bypass.t	Loading ...
test-import-context.t	Loading ...
test-import-eol.t	Loading ...
test-import-git.t	Loading ...
test-import-merge.t	Loading ...
test-import-unknown.t	Loading ...
test-import.t	Loading ...
test-incoming-outgoing.t	Loading ...
test-inherit-mode.t	Loading ...
test-init.t	Loading ...
test-install.t	Loading ...
test-issue1089.t	Loading ...
test-issue1175.t	Loading ...
test-issue1306.t	Loading ...
test-issue1438.t	Loading ...
test-issue1502.t	Loading ...
test-issue1802.t	Loading ...
test-issue1877.t	Loading ...
test-issue2137.t	Loading ...
test-issue3084.t	Loading ...
test-issue522.t	Loading ...
test-issue612.t	Loading ...
test-issue619.t	Loading ...
test-issue660.t	Loading ...
test-issue672.t	Loading ...
test-issue842.t	Loading ...
test-journal-exists.t	Loading ...
test-keyword.t	Loading ...
test-known.t	Loading ...
test-largefiles-cache.t	Loading ...
test-largefiles-misc.t	Loading ...
test-largefiles-small-disk.t	Loading ...
test-largefiles-update.t	Loading ...
test-largefiles-wireproto.t	Loading ...
test-largefiles.t	Loading ...
test-lfconvert.t	Loading ...
test-locate.t	Loading ...
test-lock-badness.t	Loading ...
test-lock.py	Loading ...
test-log.t	Loading ...
test-lrucachedict.py	Loading ...
test-lrucachedict.py.out	Loading ...
test-mactext.t	Loading ...
test-manifest-merging.t	Loading ...
test-manifest.py	Loading ...
test-manifest.t	Loading ...
test-manifestv2.t	Loading ...
test-merge-changedelete.t	Loading ...
test-merge-closedheads.t	Loading ...
test-merge-commit.t	Loading ...
test-merge-criss-cross.t	Loading ...
test-merge-default.t	Loading ...
test-merge-force.t	Loading ...
test-merge-internal-tools-pattern.t	Loading ...
test-merge-local.t	Loading ...
test-merge-remove.t	Loading ...
test-merge-revert.t	Loading ...
test-merge-revert2.t	Loading ...
test-merge-subrepos.t	Loading ...
test-merge-symlinks.t	Loading ...
test-merge-tools.t	Loading ...
test-merge-types.t	Loading ...
test-merge1.t	Loading ...
test-merge10.t	Loading ...
test-merge2.t	Loading ...
test-merge4.t	Loading ...
test-merge5.t	Loading ...
test-merge6.t	Loading ...
test-merge7.t	Loading ...
test-merge8.t	Loading ...
test-merge9.t	Loading ...
test-minirst.py	Loading ...
test-minirst.py.out	Loading ...
test-module-imports.t	Loading ...
test-mq-eol.t	Loading ...
test-mq-git.t	Loading ...
test-mq-guards.t	Loading ...
test-mq-header-date.t	Loading ...
test-mq-header-from.t	Loading ...
test-mq-merge.t	Loading ...
test-mq-missingfiles.t	Loading ...
test-mq-pull-from-bundle.t	Loading ...
test-mq-qclone-http.t	Loading ...
test-mq-qdelete.t	Loading ...
test-mq-qdiff.t	Loading ...
test-mq-qfold.t	Loading ...
test-mq-qgoto.t	Loading ...
test-mq-qimport-fail-cleanup.t	Loading ...
test-mq-qimport.t	Loading ...
test-mq-qnew.t	Loading ...
test-mq-qpush-exact.t	Loading ...
test-mq-qpush-fail.t	Loading ...
test-mq-qqueue.t	Loading ...
test-mq-qrefresh-interactive.t	Loading ...
test-mq-qrefresh-replace-log-message.t	Loading ...
test-mq-qrefresh.t	Loading ...
test-mq-qrename.t	Loading ...
test-mq-qsave.t	Loading ...
test-mq-safety.t	Loading ...
test-mq-subrepo-svn.t	Loading ...
test-mq-subrepo.t	Loading ...
test-mq-symlinks.t	Loading ...
test-mq.t	Loading ...
test-mv-cp-st-diff.t	Loading ...
test-nested-repo.t	Loading ...
test-newbranch.t	Loading ...
test-newcgi.t	Loading ...
test-newercgi.t	Loading ...
test-no-symlinks.t	Loading ...
test-notify-changegroup.t	Loading ...
test-notify.t	Loading ...
test-obsolete-changeset-exchange.t	Loading ...
test-obsolete-checkheads.t	Loading ...
test-obsolete-divergent.t	Loading ...
test-obsolete-tag-cache.t	Loading ...
test-obsolete.t	Loading ...
test-oldcgi.t	Loading ...
test-parents.t	Loading ...
test-parse-date.t	Loading ...
test-parseindex.t	Loading ...
test-parseindex2.py	Loading ...
test-parseindex2.py.out	Loading ...
test-patch-offset.t	Loading ...
test-patch.t	Loading ...
test-patchbomb.t	Loading ...
test-pathencode.py	Loading ...
test-paths.t	Loading ...
test-pending.t	Loading ...
test-permissions.t	Loading ...
test-phases-exchange.t	Loading ...
test-phases.t	Loading ...
test-profile.t	Loading ...
test-progress.t	Loading ...
test-propertycache.py	Loading ...
test-propertycache.py.out	Loading ...
test-pull-branch.t	Loading ...
test-pull-http.t	Loading ...
test-pull-permission.t	Loading ...
test-pull-pull-corruption.t	Loading ...
test-pull-r.t	Loading ...
test-pull-update.t	Loading ...
test-pull.t	Loading ...
test-purge.t	Loading ...
test-push-cgi.t	Loading ...
test-push-hook-lock.t	Loading ...
test-push-http-bundle1.t	Loading ...
test-push-http.t	Loading ...
test-push-r.t	Loading ...
test-push-validation.t	Loading ...
test-push-warn.t	Loading ...
test-qrecord.t	Loading ...
test-rebase-abort.t	Loading ...
test-rebase-bookmarks.t	Loading ...
test-rebase-cache.t	Loading ...
test-rebase-check-restore.t	Loading ...
test-rebase-collapse.t	Loading ...
test-rebase-conflicts.t	Loading ...
test-rebase-detach.t	Loading ...
test-rebase-interruptions.t	Loading ...
test-rebase-issue-noparam-single-rev.t	Loading ...
test-rebase-mq-skip.t	Loading ...
test-rebase-mq.t	Loading ...
test-rebase-named-branches.t	Loading ...
test-rebase-newancestor.t	Loading ...
test-rebase-obsolete.t	Loading ...
test-rebase-parameters.t	Loading ...
test-rebase-pull.t	Loading ...
test-rebase-rename.t	Loading ...
test-rebase-scenario-global.t	Loading ...
test-rebuildstate.t	Loading ...
test-record.t	Loading ...
test-relink.t	Loading ...
test-remove.t	Loading ...
test-rename-after-merge.t	Loading ...
test-rename-dir-merge.t	Loading ...
test-rename-merge1.t	Loading ...
test-rename-merge2.t	Loading ...
test-rename.t	Loading ...
test-repair-strip.t	Loading ...
test-requires.t	Loading ...
test-resolve.t	Loading ...
test-revert-flags.t	Loading ...
test-revert-interactive.t	Loading ...
test-revert-unknown.t	Loading ...
test-revert.t	Loading ...
test-revlog-ancestry.py	Loading ...
test-revlog-ancestry.py.out	Loading ...
test-revlog-group-emptyiter.t	Loading ...
test-revlog-packentry.t	Loading ...
test-revlog.t	Loading ...
test-revset-dirstate-parents.t	Loading ...
test-revset-outgoing.t	Loading ...
test-revset.t	Loading ...
test-rollback.t	Loading ...
test-run-tests.py	Loading ...
test-run-tests.t	Loading ...
test-schemes.t	Loading ...
test-serve.t	Loading ...
test-setdiscovery.t	Loading ...
test-share.t	Loading ...
test-shelve.t	Loading ...
test-simple-update.t	Loading ...
test-simplemerge.py	Loading ...
test-simplemerge.py.out	Loading ...
test-ssh-bundle1.t	Loading ...
test-ssh-clone-r.t	Loading ...
test-ssh.t	Loading ...
test-static-http.t	Loading ...
test-status-color.t	Loading ...
test-status-inprocess.py	Loading ...
test-status-inprocess.py.out	Loading ...
test-status-rev.t	Loading ...
test-status.t	Loading ...
test-strict.t	Loading ...
test-strip-cross.t	Loading ...
test-strip.t	Loading ...
test-subrepo-deep-nested-change.t	Loading ...
test-subrepo-git.t	Loading ...
test-subrepo-missing.t	Loading ...
test-subrepo-paths.t	Loading ...
test-subrepo-recursion.t	Loading ...
test-subrepo-relative-path.t	Loading ...
test-subrepo-svn.t	Loading ...
test-subrepo.t	Loading ...
test-symlink-os-yes-fs-no.py	Loading ...
test-symlink-os-yes-fs-no.py.out	Loading ...
test-symlink-placeholder.t	Loading ...
test-symlinks.t	Loading ...
test-tag.t	Loading ...
test-tags.t	Loading ...
test-template-engine.t	Loading ...
test-tools.t	Loading ...
test-transplant.t	Loading ...
test-treediscovery-legacy.t	Loading ...
test-treediscovery.t	Loading ...
test-treemanifest.t	Loading ...
test-trusted.py	Loading ...
test-trusted.py.out	Loading ...
test-ui-color.py	Loading ...
test-ui-color.py.out	Loading ...
test-ui-config.py	Loading ...
test-ui-config.py.out	Loading ...
test-ui-verbosity.py	Loading ...
test-ui-verbosity.py.out	Loading ...
test-unbundlehash.t	Loading ...
test-unified-test.t	Loading ...
test-unionrepo.t	Loading ...
test-unrelated-pull.t	Loading ...
test-up-local-change.t	Loading ...
test-update-branches.t	Loading ...
test-update-issue1456.t	Loading ...
test-update-renames.t	Loading ...
test-update-reverse.t	Loading ...
test-url-rev.t	Loading ...
test-url.py	Loading ...
test-username-newline.t	Loading ...
test-verify.t	Loading ...
test-walk.t	Loading ...
test-walkrepo.py	Loading ...
test-websub.t	Loading ...
test-win32text.t	Loading ...
test-wireproto.py	Loading ...
test-wireproto.py.out	Loading ...
test-wireproto.t	Loading ...
tinyproxy.py	Loading ...

tests/README

To run the tests, do:

cd tests/
python run-tests.py

See https://mercurial-scm.org/wiki/WritingTests for
more information on writing tests.

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages