upstream/mercurial-mirror Files · tests/test-issue1502.t

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Pierre-Yves David - - Load All Authors

File last commit:

r28064:9e0535da default


                r28663:ae279d4a

3.7.3 stable

Download file

             test-issue1502.t
        
                    43 lines
            
             | 1.2 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-issue1502.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      https://bz.mercurial-scm.org/1502

      Initialize repository

        $ hg init foo

        $ touch foo/a && hg -R foo commit -A -m "added a"

        adding a

        $ hg clone foo foo1

        updating to branch default

        1 files updated, 0 files merged, 0 files removed, 0 files unresolved

        $ echo "bar" > foo1/a && hg -R foo1 commit -m "edit a in foo1"

        $ echo "hi" > foo/a && hg -R foo commit -m "edited a foo"

        $ hg -R foo1 pull -u

        pulling from $TESTTMP/foo (glob)

        searching for changes

        adding changesets

        adding manifests

        adding file changes

        added 1 changesets with 1 changes to 1 files (+1 heads)

        abort: not updating: not a linear update

        (merge or update --check to force update)

        [255]

        $ hg -R foo1 book branchy

        $ hg -R foo1 book

         * branchy                   1:e3e522925eff

      Pull. Bookmark should not jump to new head.

        $ echo "there" >> foo/a && hg -R foo commit -m "edited a again"

        $ hg -R foo1 pull

        pulling from $TESTTMP/foo (glob)

        searching for changes

        adding changesets

        adding manifests

        adding file changes

        added 1 changesets with 1 changes to 1 files

        (run 'hg update' to get a working copy)

        $ hg -R foo1 book

         * branchy                   1:e3e522925eff

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				https://bz.mercurial-scm.org/1502

				Initialize repository

				$ hg init foo
				$ touch foo/a && hg -R foo commit -A -m "added a"
				adding a

				$ hg clone foo foo1
				updating to branch default
				1 files updated, 0 files merged, 0 files removed, 0 files unresolved

				$ echo "bar" > foo1/a && hg -R foo1 commit -m "edit a in foo1"
				$ echo "hi" > foo/a && hg -R foo commit -m "edited a foo"
				$ hg -R foo1 pull -u
				pulling from $TESTTMP/foo (glob)
				searching for changes
				adding changesets
				adding manifests
				adding file changes
				added 1 changesets with 1 changes to 1 files (+1 heads)
				abort: not updating: not a linear update
				(merge or update --check to force update)
				[255]

				$ hg -R foo1 book branchy
				$ hg -R foo1 book
				* branchy 1:e3e522925eff

				Pull. Bookmark should not jump to new head.

				$ echo "there" >> foo/a && hg -R foo commit -m "edited a again"
				$ hg -R foo1 pull
				pulling from $TESTTMP/foo (glob)
				searching for changes
				adding changesets
				adding manifests
				adding file changes
				added 1 changesets with 1 changes to 1 files
				(run 'hg update' to get a working copy)

				$ hg -R foo1 book
				* branchy 1:e3e522925eff