convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all
which made such injections possible. Let's have a test for that to
avoid this problem in the future. Reported by Blake Burkhart.
test --time
$ hg --time help -q help 2>&1 | grep time > /dev/null
$ hg init a
$ cd a
#if lsprof
test --profile
$ hg --profile st 2>../out
$ grep CallCount ../out > /dev/null || cat ../out
$ hg --profile --config profiling.output=../out st
$ grep CallCount ../out > /dev/null || cat ../out
$ hg --profile --config profiling.output=blackbox --config extensions.blackbox= st
$ grep CallCount .hg/blackbox.log > /dev/null || cat .hg/blackbox.log
$ hg --profile --config profiling.format=text st 2>../out
$ grep CallCount ../out > /dev/null || cat ../out
$ echo "[profiling]" >> $HGRCPATH
$ echo "format=kcachegrind" >> $HGRCPATH
$ hg --profile st 2>../out
$ grep 'events: Ticks' ../out > /dev/null || cat ../out
$ hg --profile --config profiling.output=../out st
$ grep 'events: Ticks' ../out > /dev/null || cat ../out
#endif
$ cd ..