upstream/mercurial-mirror Files · tests/test-import-context.t

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Mads Kiilerich - - Load All Authors

File last commit:

r16913:f2719b38 default


                r28663:ae279d4a

3.7.3 stable

Download file

             test-import-context.t
        
                    126 lines
            
             | 2.3 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-import-context.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      Test applying context diffs

        $ cat > writepatterns.py <<EOF

        > import sys

        > 

        > path = sys.argv[1]

        > lasteol = sys.argv[2] == '1'

        > patterns = sys.argv[3:]

        > 

        > fp = file(path, 'wb')

        > for i, pattern in enumerate(patterns):

        >     count = int(pattern[0:-1])

        >     char = pattern[-1] + '\n'

        >     if not lasteol and i == len(patterns) - 1:

        >         fp.write((char*count)[:-1])

        >     else:

        >         fp.write(char*count)

        > fp.close()

        > EOF

        $ cat > cat.py <<EOF

        > import sys

        > sys.stdout.write(repr(file(sys.argv[1], 'rb').read()) + '\n')

        > EOF

      Initialize the test repository

        $ hg init repo

        $ cd repo

        $ python ../writepatterns.py a 0 5A 1B 5C 1D

        $ python ../writepatterns.py b 1 1A 1B

        $ python ../writepatterns.py c 1 5A

        $ python ../writepatterns.py d 1 5A 1B

        $ hg add

        adding a

        adding b

        adding c

        adding d

        $ hg ci -m addfiles

      Add file, missing a last end of line

        $ hg import --no-commit - <<EOF

        > *** /dev/null	2010-10-16 18:05:49.000000000 +0200

        > --- b/newnoeol	2010-10-16 18:23:26.000000000 +0200

        > ***************

        > *** 0 ****

        > --- 1,2 ----

        > + a

        > + b

        > \ No newline at end of file

        > *** a/a	Sat Oct 16 16:35:51 2010

        > --- b/a	Sat Oct 16 16:35:51 2010

        > ***************

        > *** 3,12 ****

        >   A

        >   A

        >   A

        > ! B

        >   C

        >   C

        >   C

        >   C

        >   C

        > ! D

        > \ No newline at end of file

        > --- 3,13 ----

        >   A

        >   A

        >   A

        > ! E

        >   C

        >   C

        >   C

        >   C

        >   C

        > ! F

        > ! F

        > 

        > *** a/b	2010-10-16 18:40:38.000000000 +0200

        > --- /dev/null	2010-10-16 18:05:49.000000000 +0200

        > ***************

        > *** 1,2 ****

        > - A

        > - B

        > --- 0 ----

        > *** a/c	Sat Oct 16 21:34:26 2010

        > --- b/c	Sat Oct 16 21:34:27 2010

        > ***************

        > *** 3,5 ****

        > --- 3,7 ----

        >   A

        >   A

        >   A

        > + B

        > + B

        > *** a/d	Sat Oct 16 21:47:20 2010

        > --- b/d	Sat Oct 16 21:47:22 2010

        > ***************

        > *** 2,6 ****

        >   A

        >   A

        >   A

        > - A

        > - B

        > --- 2,4 ----

        > EOF

        applying patch from stdin

        $ hg st

        M a

        M c

        M d

        A newnoeol

        R b

      What's in a

        $ python ../cat.py a

        'A\nA\nA\nA\nA\nE\nC\nC\nC\nC\nC\nF\nF\n'

        $ python ../cat.py newnoeol

        'a\nb'

        $ python ../cat.py c

        'A\nA\nA\nA\nA\nB\nB\n'

        $ python ../cat.py d

        'A\nA\nA\nA\n'

        $ cd ..

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				Test applying context diffs

				$ cat > writepatterns.py <<EOF
				> import sys
				>
				> path = sys.argv[1]
				> lasteol = sys.argv[2] == '1'
				> patterns = sys.argv[3:]
				>
				> fp = file(path, 'wb')
				> for i, pattern in enumerate(patterns):
				> count = int(pattern[0:-1])
				> char = pattern[-1] + '\n'
				> if not lasteol and i == len(patterns) - 1:
				> fp.write((char*count)[:-1])
				> else:
				> fp.write(char*count)
				> fp.close()
				> EOF
				$ cat > cat.py <<EOF
				> import sys
				> sys.stdout.write(repr(file(sys.argv[1], 'rb').read()) + '\n')
				> EOF

				Initialize the test repository

				$ hg init repo
				$ cd repo
				$ python ../writepatterns.py a 0 5A 1B 5C 1D
				$ python ../writepatterns.py b 1 1A 1B
				$ python ../writepatterns.py c 1 5A
				$ python ../writepatterns.py d 1 5A 1B
				$ hg add
				adding a
				adding b
				adding c
				adding d
				$ hg ci -m addfiles

				Add file, missing a last end of line

				$ hg import --no-commit - <<EOF
				> *** /dev/null 2010-10-16 18:05:49.000000000 +0200
				> --- b/newnoeol 2010-10-16 18:23:26.000000000 +0200
				> ***************
				> * 0 **
				> --- 1,2 ----
				> + a
				> + b
				> \ No newline at end of file
				> *** a/a Sat Oct 16 16:35:51 2010
				> --- b/a Sat Oct 16 16:35:51 2010
				> ***************
				> * 3,12 **
				> A
				> A
				> A
				> ! B
				> C
				> C
				> C
				> C
				> C
				> ! D
				> \ No newline at end of file
				> --- 3,13 ----
				> A
				> A
				> A
				> ! E
				> C
				> C
				> C
				> C
				> C
				> ! F
				> ! F
				>
				> *** a/b 2010-10-16 18:40:38.000000000 +0200
				> --- /dev/null 2010-10-16 18:05:49.000000000 +0200
				> ***************
				> * 1,2 **
				> - A
				> - B
				> --- 0 ----
				> *** a/c Sat Oct 16 21:34:26 2010
				> --- b/c Sat Oct 16 21:34:27 2010
				> ***************
				> * 3,5 **
				> --- 3,7 ----
				> A
				> A
				> A
				> + B
				> + B
				> *** a/d Sat Oct 16 21:47:20 2010
				> --- b/d Sat Oct 16 21:47:22 2010
				> ***************
				> * 2,6 **
				> A
				> A
				> A
				> - A
				> - B
				> --- 2,4 ----
				> EOF
				applying patch from stdin
				$ hg st
				M a
				M c
				M d
				A newnoeol
				R b

				What's in a

				$ python ../cat.py a
				'A\nA\nA\nA\nA\nE\nC\nC\nC\nC\nC\nF\nF\n'
				$ python ../cat.py newnoeol
				'a\nb'
				$ python ../cat.py c
				'A\nA\nA\nA\nA\nB\nB\n'
				$ python ../cat.py d
				'A\nA\nA\nA\n'

				$ cd ..