upstream/mercurial-mirror Files · tests/dummyssh

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Augie Fackler - - Load All Authors

File last commit:

r19320:f266cb3f default


                r28663:ae279d4a

3.7.3 stable

Download file

             dummyssh
        
                    24 lines
            
             | 516 B
            
                | text/plain
            
             |
                TextLexer

/ tests / dummyssh

History | Annotation | Raw |Copy content |Copy permalink

				#!/usr/bin/env python

				import sys
				import os

				os.chdir(os.getenv('TESTTMP'))

				if sys.argv[1] != "user@dummy":
				sys.exit(-1)

				os.environ["SSH_CLIENT"] = "127.0.0.1 1 2"

				log = open("dummylog", "ab")
				log.write("Got arguments")
				for i, arg in enumerate(sys.argv[1:]):
				log.write(" %d:%s" % (i + 1, arg))
				log.write("\n")
				log.close()
				hgcmd = sys.argv[2]
				if os.name == 'nt':
				# hack to make simple unix single quote quoting work on windows
				hgcmd = hgcmd.replace("'", '"')
				r = os.system(hgcmd)
				sys.exit(bool(r))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages