upstream/mercurial-mirror Files · tests/test-mq-qimport-fail-cleanup.t

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Mads Kiilerich - - Load All Authors

File last commit:

r16913:f2719b38 default


                r28663:ae279d4a

3.7.3 stable

Download file

             test-mq-qimport-fail-cleanup.t
        
                    42 lines
            
             | 772 B
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-mq-qimport-fail-cleanup.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      Failed qimport of patches from files should cleanup by recording successfully

      imported patches in series file.

        $ echo "[extensions]" >> $HGRCPATH

        $ echo "mq=" >> $HGRCPATH

        $ hg init repo

        $ cd repo

        $ echo a > a

        $ hg ci -Am'add a'

        adding a

        $ cat >b.patch<<EOF

        > diff --git a/a b/a

        > --- a/a

        > +++ b/a

        > @@ -1,1 +1,2 @@

        >  a

        > +b

        > EOF

      empty series

        $ hg qseries

      qimport valid patch followed by invalid patch

        $ hg qimport b.patch fakepatch

        adding b.patch to series file

        abort: unable to read file fakepatch

        [255]

      valid patches before fail added to series

        $ hg qseries

        b.patch

        $ hg pull -q -r 0 . # update phase

        $ hg qimport -r 0

        abort: revision 0 is not mutable

        (see "hg help phases" for details)

        [255]

        $ cd ..

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				Failed qimport of patches from files should cleanup by recording successfully
				imported patches in series file.

				$ echo "[extensions]" >> $HGRCPATH
				$ echo "mq=" >> $HGRCPATH
				$ hg init repo
				$ cd repo
				$ echo a > a
				$ hg ci -Am'add a'
				adding a
				$ cat >b.patch<<EOF
				> diff --git a/a b/a
				> --- a/a
				> +++ b/a
				> @@ -1,1 +1,2 @@
				> a
				> +b
				> EOF

				empty series

				$ hg qseries

				qimport valid patch followed by invalid patch

				$ hg qimport b.patch fakepatch
				adding b.patch to series file
				abort: unable to read file fakepatch
				[255]

				valid patches before fail added to series

				$ hg qseries
				b.patch

				$ hg pull -q -r 0 . # update phase
				$ hg qimport -r 0
				abort: revision 0 is not mutable
				(see "hg help phases" for details)
				[255]

				$ cd ..