upstream/mercurial-mirror Files · tests/fakepatchtime.py

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Gregory Szorc - - Load All Authors

File last commit:

r27284:f624b0e6 default


                r28663:ae279d4a

3.7.3 stable

Download file

             fakepatchtime.py
        
                    32 lines
            
             | 999 B
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / fakepatchtime.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # extension to emulate invoking 'patch.internalpatch()' at the time

      # specified by '[fakepatchtime] fakenow'

      from __future__ import absolute_import

      from mercurial import (

          extensions,

          patch as patchmod,

          util,

      )

      def internalpatch(orig, ui, repo, patchobj, strip,

                        prefix='', files=None,

                        eolmode='strict', similarity=0):

          if files is None:

              files = set()

          r = orig(ui, repo, patchobj, strip,

                   prefix=prefix, files=files,

                   eolmode=eolmode, similarity=similarity)

          fakenow = ui.config('fakepatchtime', 'fakenow')

          if fakenow:

              # parsing 'fakenow' in YYYYmmddHHMM format makes comparison between

              # 'fakenow' value and 'touch -t YYYYmmddHHMM' argument easy

              fakenow = util.parsedate(fakenow, ['%Y%m%d%H%M'])[0]

              for f in files:

                  repo.wvfs.utime(f, (fakenow, fakenow))

          return r

      def extsetup(ui):

          extensions.wrapfunction(patchmod, 'internalpatch', internalpatch)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# extension to emulate invoking 'patch.internalpatch()' at the time
				# specified by '[fakepatchtime] fakenow'

				from __future__ import absolute_import

				from mercurial import (
				extensions,
				patch as patchmod,
				util,
				)

				def internalpatch(orig, ui, repo, patchobj, strip,
				prefix='', files=None,
				eolmode='strict', similarity=0):
				if files is None:
				files = set()
				r = orig(ui, repo, patchobj, strip,
				prefix=prefix, files=files,
				eolmode=eolmode, similarity=similarity)

				fakenow = ui.config('fakepatchtime', 'fakenow')
				if fakenow:
				# parsing 'fakenow' in YYYYmmddHHMM format makes comparison between
				# 'fakenow' value and 'touch -t YYYYmmddHHMM' argument easy
				fakenow = util.parsedate(fakenow, ['%Y%m%d%H%M'])[0]
				for f in files:
				repo.wvfs.utime(f, (fakenow, fakenow))

				return r

				def extsetup(ui):
				extensions.wrapfunction(patchmod, 'internalpatch', internalpatch)