convert: test for shell injection in git calls (SEC)...
convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

File last commit:

r27535:0d0f4070 default
r28663:ae279d4a 3.7.3 stable
test-demandimport.py
/ tests / test-demandimport.py
from mercurial import demandimport
# Enable demandimport before anything else so that every import statement
# below runs with it switched on.
demandimport.enable()
import os
# On non-Windows platforms the import of distutils.msvc9compiler is expected
# to raise ImportError at the import statement itself. If the import returns
# normally instead, the message below is printed to flag the regression.
if os.name != 'nt':
    try:
        import distutils.msvc9compiler
        print ('distutils.msvc9compiler needs to be an immediate '
               'importerror on non-windows platforms')
        # Attribute access after the message; an ImportError raised here is
        # swallowed by the same except clause.
        # NOTE(review): presumably only here so the import is not reported
        # as unused -- confirm.
        distutils.msvc9compiler
    except ImportError:
        pass
import re
# Keep a direct reference to re.sub: the name `re` is rebound to the sys
# module further down (`import sys as re`), so f() cannot look the function
# up through `re` by the time it is called there.
rsub = re.sub
def f(obj):
    """Return repr(obj) with the run-specific parts masked out.

    Three substitutions are applied in order, so that the printed text does
    not vary between runs or installations:

    * hexadecimal literals such as object addresses become ``0x?``
    * the quoted text after ``from`` becomes ``from '?'``
    * quoted ``<name>`` markers become ``'<whatever>'``

    The substitutions go through the module-level ``rsub`` alias rather than
    ``re.sub`` because the name ``re`` is rebound later in this script.
    """
    masks = (
        ("0x[0-9a-fA-F]+", "0x?"),
        ("from '.*'", "from '?'"),
        ("'<[a-z]*>'", "'<whatever>'"),
    )
    text = repr(obj)
    for pattern, placeholder in masks:
        text = rsub(pattern, placeholder, text)
    return text
# Each group below prints a module's masked repr, then the repr of one of its
# attributes, then the module's repr again. The statement order is the test:
# the output records how the module object looks before and after the first
# attribute access.
# NOTE(review): presumably the first print shows a not-yet-loaded placeholder
# and the later ones the real module -- confirm against the expected output.
import os
print "os =", f(os)
print "os.system =", f(os.system)
print "os =", f(os)
# Same pattern for a `from package import module` import; util.system is
# printed a second time after the module has already been touched.
from mercurial import util
print "util =", f(util)
print "util.system =", f(util.system)
print "util =", f(util)
print "util.system =", f(util.system)
# A package whose attribute (hgweb.hgweb_mod) is read through the package.
from mercurial import hgweb
print "hgweb =", f(hgweb)
print "hgweb_mod =", f(hgweb.hgweb_mod)
print "hgweb =", f(hgweb)
# Aliased imports: `fred` is bound to the re module, and the name `re` is then
# rebound to the sys module, so `re.stderr` below is sys.stderr. f() keeps
# working because it calls the rsub alias captured before this rebinding.
import re as fred
print "fred =", f(fred)
import sys as re
print "re =", f(re)
print "fred =", f(fred)
print "fred.sub =", f(fred.sub)
print "fred =", f(fred)
print "re =", f(re)
print "re.stderr =", f(re.stderr)
print "re =", f(re)
# Switch demandimport off, set HGDEMANDIMPORT=disable in the environment, and
# call enable() again before one more import.
# NOTE(review): presumably checks that enable() honours the environment
# variable and leaves the import of `node` eager -- confirm against the
# expected output.
demandimport.disable()
os.environ['HGDEMANDIMPORT'] = 'disable'
demandimport.enable()
from mercurial import node
print "node =", f(node)