upstream/mercurial-mirror Files · tests/test-walkrepo.py

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Gregory Szorc - - Load All Authors

File last commit:

r27300:a8b2bf52 default


                r28663:ae279d4a

3.7.3 stable

Download file

             test-walkrepo.py
        
                    66 lines
            
             | 1.9 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / test-walkrepo.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      from __future__ import absolute_import

      import os

      from mercurial import (

          hg,

          scmutil,

          ui,

          util,

      )

      chdir = os.chdir

      mkdir = os.mkdir

      pjoin = os.path.join

      walkrepos = scmutil.walkrepos

      checklink = util.checklink

      u = ui.ui()

      sym = checklink('.')

      hg.repository(u, 'top1', create=1)

      mkdir('subdir')

      chdir('subdir')

      hg.repository(u, 'sub1', create=1)

      mkdir('subsubdir')

      chdir('subsubdir')

      hg.repository(u, 'subsub1', create=1)

      chdir(os.path.pardir)

      if sym:

          os.symlink(os.path.pardir, 'circle')

          os.symlink(pjoin('subsubdir', 'subsub1'), 'subsub1')

      def runtest():

          reposet = frozenset(walkrepos('.', followsym=True))

          if sym and (len(reposet) != 3):

              print "reposet = %r" % (reposet,)

              print ("Found %d repositories when I should have found 3"

                     % (len(reposet),))

          if (not sym) and (len(reposet) != 2):

              print "reposet = %r" % (reposet,)

              print ("Found %d repositories when I should have found 2"

                     % (len(reposet),))

          sub1set = frozenset((pjoin('.', 'sub1'),

                               pjoin('.', 'circle', 'subdir', 'sub1')))

          if len(sub1set & reposet) != 1:

              print "sub1set = %r" % (sub1set,)

              print "reposet = %r" % (reposet,)

              print "sub1set and reposet should have exactly one path in common."

          sub2set = frozenset((pjoin('.', 'subsub1'),

                               pjoin('.', 'subsubdir', 'subsub1')))

          if len(sub2set & reposet) != 1:

              print "sub2set = %r" % (sub2set,)

              print "reposet = %r" % (reposet,)

              print "sub2set and reposet should have exactly one path in common."

          sub3 = pjoin('.', 'circle', 'top1')

          if sym and sub3 not in reposet:

              print "reposet = %r" % (reposet,)

              print "Symbolic links are supported and %s is not in reposet" % (sub3,)

      runtest()

      if sym:

          # Simulate not having symlinks.

          del os.path.samestat

          sym = False

          runtest()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				from __future__ import absolute_import

				import os

				from mercurial import (
				hg,
				scmutil,
				ui,
				util,
				)

				chdir = os.chdir
				mkdir = os.mkdir
				pjoin = os.path.join

				walkrepos = scmutil.walkrepos
				checklink = util.checklink

				u = ui.ui()
				sym = checklink('.')

				hg.repository(u, 'top1', create=1)
				mkdir('subdir')
				chdir('subdir')
				hg.repository(u, 'sub1', create=1)
				mkdir('subsubdir')
				chdir('subsubdir')
				hg.repository(u, 'subsub1', create=1)
				chdir(os.path.pardir)
				if sym:
				os.symlink(os.path.pardir, 'circle')
				os.symlink(pjoin('subsubdir', 'subsub1'), 'subsub1')

				def runtest():
				reposet = frozenset(walkrepos('.', followsym=True))
				if sym and (len(reposet) != 3):
				print "reposet = %r" % (reposet,)
				print ("Found %d repositories when I should have found 3"
				% (len(reposet),))
				if (not sym) and (len(reposet) != 2):
				print "reposet = %r" % (reposet,)
				print ("Found %d repositories when I should have found 2"
				% (len(reposet),))
				sub1set = frozenset((pjoin('.', 'sub1'),
				pjoin('.', 'circle', 'subdir', 'sub1')))
				if len(sub1set & reposet) != 1:
				print "sub1set = %r" % (sub1set,)
				print "reposet = %r" % (reposet,)
				print "sub1set and reposet should have exactly one path in common."
				sub2set = frozenset((pjoin('.', 'subsub1'),
				pjoin('.', 'subsubdir', 'subsub1')))
				if len(sub2set & reposet) != 1:
				print "sub2set = %r" % (sub2set,)
				print "reposet = %r" % (reposet,)
				print "sub2set and reposet should have exactly one path in common."
				sub3 = pjoin('.', 'circle', 'top1')
				if sym and sub3 not in reposet:
				print "reposet = %r" % (reposet,)
				print "Symbolic links are supported and %s is not in reposet" % (sub3,)

				runtest()
				if sym:
				# Simulate not having symlinks.
				del os.path.samestat
				sym = False
				runtest()