Mercurial Mercurial > mercurial / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-bdiff.py.out
author Mateusz Kwapich <mitrandir@fb.com>
Tue, 22 Mar 2016 17:27:27 -0700
branchstable
changeset 28663 ae279d4a19e9
parent 15530 eeac5e179243
child 29013 9a8363d23419
permissions -rw-r--r--
convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

*** 'a\nc\n\n\n\n' 'a\nb\n\n\n'
*** 'a\nb\nc\n' 'a\nc\n'
*** '' ''
*** 'a\nb\nc' 'a\nb\nc'
*** 'a\nb\nc\nd\n' 'a\nd\n'
*** 'a\nb\nc\nd\n' 'a\nc\ne\n'
*** 'a\nb\nc\n' 'a\nc\n'
*** 'a\n' 'c\na\nb\n'
*** 'a\n' ''
*** 'a\n' 'b\nc\n'
*** 'a\n' 'c\na\n'
*** '' 'adjfkjdjksdhfksj'
*** '' 'ab'
*** '' 'abc'
*** 'a' 'a'
*** 'ab' 'ab'
*** 'abc' 'abc'
*** 'a\n' 'a\n'
*** 'a\nb' 'a\nb'
6 6 'y\n\n'
6 6 'y\n\n'
9 9 'y\n\n'
done
done
mercurial