upstream/mercurial-mirror Files · tests/test-trusted.py.out

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Martin Geisler - - Load All Authors

File last commit:

r16939:fa91ddfc default


                r28663:ae279d4a

3.7.3 stable

Download file

             test-trusted.py.out
        
                    179 lines
            
             | 4.1 KiB
            
                | text/plain
            
             |
                TextLexer

/ tests / test-trusted.py.out

History | Annotation | Raw |Copy content |Copy permalink

				# same user, same group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# same user, different group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# different user, same group
				not trusting file .hg/hgrc from untrusted user abc, group bar
				trusted
				global = /some/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# different user, same group, but we trust the group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# different user, different group
				not trusting file .hg/hgrc from untrusted user abc, group def
				trusted
				global = /some/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# different user, different group, but we trust the user
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# different user, different group, but we trust the group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# different user, different group, but we trust the user and the group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# we trust all users
				# different user, different group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# we trust all groups
				# different user, different group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# we trust all users and groups
				# different user, different group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# we don't get confused by users and groups with the same name
				# different user, different group
				not trusting file .hg/hgrc from untrusted user abc, group def
				trusted
				global = /some/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# list of user names
				# different user, different group, but we trust the user
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# list of group names
				# different user, different group, but we trust the group
				trusted
				global = /some/path
				local = /another/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# Can't figure out the name of the user running this process
				# different user, different group
				not trusting file .hg/hgrc from untrusted user abc, group def
				trusted
				global = /some/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# prints debug warnings
				# different user, different group
				not trusting file .hg/hgrc from untrusted user abc, group def
				trusted
				ignoring untrusted configuration option paths.local = /another/path
				global = /some/path
				untrusted
				. . global = /some/path
				.ignoring untrusted configuration option paths.local = /another/path
				. local = /another/path

				# report_untrusted enabled without debug hides warnings
				# different user, different group
				trusted
				global = /some/path
				untrusted
				. . global = /some/path
				. . local = /another/path

				# report_untrusted enabled with debug shows warnings
				# different user, different group
				not trusting file .hg/hgrc from untrusted user abc, group def
				trusted
				ignoring untrusted configuration option paths.local = /another/path
				global = /some/path
				untrusted
				. . global = /some/path
				.ignoring untrusted configuration option paths.local = /another/path
				. local = /another/path

				# ui.readconfig sections
				quux

				# read trusted, untrusted, new ui, trusted
				not trusting file foobar from untrusted user abc, group def
				trusted:
				ignoring untrusted configuration option foobar.baz = quux
				None
				untrusted:
				quux

				# error handling
				# file doesn't exist
				# same user, same group
				# different user, different group

				# parse error
				# different user, different group
				not trusting file .hg/hgrc from untrusted user abc, group def
				('foo', '.hg/hgrc:1')
				# same user, same group
				('foo', '.hg/hgrc:1')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages