New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alias command injection #306

Merged

tony merged 4 commits into master from hg-vuln

Mar 12, 2022

Commits on Mar 12, 2022

test(test_hg): Alias command injection recreation in URLs

tony committed Mar 12, 2022
Configuration menu
View commit details

Copy full SHA for 6cbba39

Browse repository at this point
Copy the full SHA

6cbba39 View commit details

Browse the repository at this point in the history
tests(hg): Check for URL command injection vuln

tony committed Mar 12, 2022
Configuration menu
View commit details

Copy full SHA for c8a2ca6

Browse repository at this point
Copy the full SHA

c8a2ca6 View commit details

Browse the repository at this point in the history
fix(hg): Command injection vulnerability in URLs via alias
```
> create_repo(
>    url="--config=alias.clone=!touch ./HELLO", vcs="hg", repo_dir="./"
> )

Credit: Alessio Della Libera <[email protected]> via Snyk
```
tony committed Mar 12, 2022
Configuration menu
View commit details

Copy full SHA for 3f4e93e

Browse repository at this point
Copy the full SHA

3f4e93e View commit details

Browse the repository at this point in the history
docs(CHANGES): Note vulnerability fix

tony committed Mar 12, 2022
Configuration menu
View commit details

Copy full SHA for 66640ae

Browse repository at this point
Copy the full SHA

66640ae View commit details

Browse the repository at this point in the history