upstream/mercurial-mirror Files · tests/test-clone-uncompressed.t

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Mads Kiilerich - - Load All Authors

File last commit:

r28518:aa440c3d stable


                r28663:ae279d4a

3.7.3 stable

Download file

             test-clone-uncompressed.t
        
                    92 lines
            
             | 2.7 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-clone-uncompressed.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #require serve

      Initialize repository

      the status call is to check for issue5130

        $ hg init server

        $ cd server

        $ touch foo

        $ hg -q commit -A -m initial

        >>> for i in range(1024):

        ...     with open(str(i), 'wb') as fh:

        ...         fh.write(str(i))

        $ hg -q commit -A -m 'add a lot of files'

        $ hg st

        $ hg serve -p $HGPORT -d --pid-file=hg.pid

        $ cat hg.pid >> $DAEMON_PIDS

        $ cd ..

      Basic clone

        $ hg clone --uncompressed -U http://localhost:$HGPORT clone1

        streaming all changes

        1027 files to transfer, 96.3 KB of data

        transferred 96.3 KB in * seconds (*/sec) (glob)

        searching for changes

        no changes found

      Clone with background file closing enabled

        $ hg --debug --config worker.backgroundclose=true --config worker.backgroundcloseminfilecount=1 clone --uncompressed -U http://localhost:$HGPORT clone-background | grep -v adding

        using http://localhost:$HGPORT/

        sending capabilities command

        sending branchmap command

        streaming all changes

        sending stream_out command

        1027 files to transfer, 96.3 KB of data

        starting 4 threads for background file closing

        transferred 96.3 KB in * seconds (*/sec) (glob)

        query 1; heads

        sending batch command

        searching for changes

        all remote heads known locally

        no changes found

        sending getbundle command

        bundle2-input-bundle: with-transaction

        bundle2-input-part: "listkeys" (params: 1 mandatory) supported

        bundle2-input-part: "listkeys" (params: 1 mandatory) supported

        bundle2-input-bundle: 1 parts total

        checking for updated bookmarks

        preparing listkeys for "phases"

        sending listkeys command

        received listkey for "phases": 58 bytes

      Stream clone while repo is changing:

        $ mkdir changing

        $ cd changing

      extension for delaying the server process so we reliably can modify the repo

      while cloning

        $ cat > delayer.py <<EOF

        > import time

        > from mercurial import extensions, scmutil

        > def __call__(orig, self, path, *args, **kwargs):

        >     if path == 'data/f1.i':

        >         time.sleep(2)

        >     return orig(self, path, *args, **kwargs)

        > extensions.wrapfunction(scmutil.vfs, '__call__', __call__)

        > EOF

      prepare repo with small and big file to cover both code paths in emitrevlogdata

        $ hg init repo

        $ touch repo/f1

        $ $TESTDIR/seq.py 50000 > repo/f2

        $ hg -R repo ci -Aqm "0"

        $ hg -R repo serve -p $HGPORT1 -d --pid-file=hg.pid --config extensions.delayer=delayer.py

        $ cat hg.pid >> $DAEMON_PIDS

      clone while modifying the repo between stating file with write lock and

      actually serving file content

        $ hg clone -q --uncompressed -U http://localhost:$HGPORT1 clone &

        $ sleep 1

        $ echo >> repo/f1

        $ echo >> repo/f2

        $ hg -R repo ci -m "1"

        $ wait

        $ hg -R clone id

        000000000000

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#require serve

				Initialize repository
				the status call is to check for issue5130

				$ hg init server
				$ cd server
				$ touch foo
				$ hg -q commit -A -m initial
				>>> for i in range(1024):
				... with open(str(i), 'wb') as fh:
				... fh.write(str(i))
				$ hg -q commit -A -m 'add a lot of files'
				$ hg st
				$ hg serve -p $HGPORT -d --pid-file=hg.pid
				$ cat hg.pid >> $DAEMON_PIDS
				$ cd ..

				Basic clone

				$ hg clone --uncompressed -U http://localhost:$HGPORT clone1
				streaming all changes
				1027 files to transfer, 96.3 KB of data
				transferred 96.3 KB in * seconds (*/sec) (glob)
				searching for changes
				no changes found

				Clone with background file closing enabled

				$ hg --debug --config worker.backgroundclose=true --config worker.backgroundcloseminfilecount=1 clone --uncompressed -U http://localhost:$HGPORT clone-background \| grep -v adding
				using http://localhost:$HGPORT/
				sending capabilities command
				sending branchmap command
				streaming all changes
				sending stream_out command
				1027 files to transfer, 96.3 KB of data
				starting 4 threads for background file closing
				transferred 96.3 KB in * seconds (*/sec) (glob)
				query 1; heads
				sending batch command
				searching for changes
				all remote heads known locally
				no changes found
				sending getbundle command
				bundle2-input-bundle: with-transaction
				bundle2-input-part: "listkeys" (params: 1 mandatory) supported
				bundle2-input-part: "listkeys" (params: 1 mandatory) supported
				bundle2-input-bundle: 1 parts total
				checking for updated bookmarks
				preparing listkeys for "phases"
				sending listkeys command
				received listkey for "phases": 58 bytes


				Stream clone while repo is changing:

				$ mkdir changing
				$ cd changing

				extension for delaying the server process so we reliably can modify the repo
				while cloning

				$ cat > delayer.py <<EOF
				> import time
				> from mercurial import extensions, scmutil
				> def __call__(orig, self, path, args, *kwargs):
				> if path == 'data/f1.i':
				> time.sleep(2)
				> return orig(self, path, args, *kwargs)
				> extensions.wrapfunction(scmutil.vfs, '__call__', __call__)
				> EOF

				prepare repo with small and big file to cover both code paths in emitrevlogdata

				$ hg init repo
				$ touch repo/f1
				$ $TESTDIR/seq.py 50000 > repo/f2
				$ hg -R repo ci -Aqm "0"
				$ hg -R repo serve -p $HGPORT1 -d --pid-file=hg.pid --config extensions.delayer=delayer.py
				$ cat hg.pid >> $DAEMON_PIDS

				clone while modifying the repo between stating file with write lock and
				actually serving file content

				$ hg clone -q --uncompressed -U http://localhost:$HGPORT1 clone &
				$ sleep 1
				$ echo >> repo/f1
				$ echo >> repo/f2
				$ hg -R repo ci -m "1"
				$ wait
				$ hg -R clone id
				000000000000