##// END OF EJS Templates
dirs: resolve fuzzer OOM situation by disallowing deep directory hierarchies...
dirs: resolve fuzzer OOM situation by disallowing deep directory hierarchies It seems like 2048 directories ought to be enough for any reasonable use of Mercurial? A previous version of this patch scanned for slashes before any allocations occurred. That approach is slower than this in the happy path, but much faster than this in the case that too many slashes are encountered. We may want to revisit it in the future using memchr() so it'll be well-optimized by the libc we're using. .. bc: Mercurial will now defend against OOMs by refusing to operate on paths with 2048 or more components. This means that _extremely_ deep path hierarchies will be rejected, but we anticipate nobody is using hierarchies this deep. Differential Revision: https://phab.mercurial-scm.org/D7411

File last commit:

r43812:2fe6121c default
r44057:0796e266 default
Show More
wsgicgi.py
94 lines | 3.0 KiB | text/x-python | PythonLexer
Eric Hopper
This patch make several WSGI related alterations....
r2506 # hgweb/wsgicgi.py - CGI->WSGI translator
#
# Copyright 2006 Eric Hopper <hopper@omnifarious.org>
#
Martin Geisler
updated license to be explicit about GPL version 2
r8225 # This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
r10263 # GNU General Public License version 2 or any later version.
Eric Hopper
This patch make several WSGI related alterations....
r2506 #
# This was originally copied from the public domain code at
# http://www.python.org/dev/peps/pep-0333/#the-server-gateway-side
Yuya Nishihara
hgweb: use absolute_import
r27046 from __future__ import absolute_import
Augie Fackler
wsgicgi: un-do some prior porting work that is now wrong...
r37765 import os
Gregory Szorc
py3: manually import getattr where it is needed...
r43359 from ..pycompat import getattr
Augie Fackler
formatting: blacken the codebase...
r43346 from .. import pycompat
Yuya Nishihara
hgweb: use absolute_import
r27046
Augie Fackler
formatting: blacken the codebase...
r43346 from ..utils import procutil
Yuya Nishihara
procutil: bulk-replace util.std* to point to new module
r37137
Augie Fackler
formatting: blacken the codebase...
r43346 from . import common
Eric Hopper
This patch make several WSGI related alterations....
r2506
def launch(application):
Yuya Nishihara
procutil: bulk-replace function calls to point to new module
r37138 procutil.setbinary(procutil.stdin)
procutil.setbinary(procutil.stdout)
Eric Hopper
This patch make several WSGI related alterations....
r2506
Gregory Szorc
py3: finish porting iteritems() to pycompat and remove source transformer...
r43376 environ = dict(pycompat.iteritems(os.environ)) # re-exports
Augie Fackler
cleanup: remove pointless r-prefixes on single-quoted strings...
r43906 environ.setdefault('PATH_INFO', b'')
if environ.get('SERVER_SOFTWARE', '').startswith('Microsoft-IIS'):
Mads Kiilerich
fix trivial spelling errors
r17424 # IIS includes script_name in PATH_INFO
Augie Fackler
cleanup: remove pointless r-prefixes on single-quoted strings...
r43906 scriptname = environ['SCRIPT_NAME']
if environ['PATH_INFO'].startswith(scriptname):
environ['PATH_INFO'] = environ['PATH_INFO'][len(scriptname) :]
Dirkjan Ochtman
hgweb: support broken IIS 5 behavior with .cgi in PATH_INFO
r7406
Yuya Nishihara
procutil: bulk-replace util.std* to point to new module
r37137 stdin = procutil.stdin
Augie Fackler
cleanup: remove pointless r-prefixes on single-quoted strings...
r43906 if environ.get('HTTP_EXPECT', '').lower() == '100-continue':
Yuya Nishihara
procutil: bulk-replace util.std* to point to new module
r37137 stdin = common.continuereader(stdin, procutil.stdout.write)
Augie Fackler
hgweb: add support for 100-continue as recommended by PEP 333.
r13570
Augie Fackler
cleanup: remove pointless r-prefixes on single-quoted strings...
r43906 environ['wsgi.input'] = stdin
environ['wsgi.errors'] = procutil.stderr
environ['wsgi.version'] = (1, 0)
environ['wsgi.multithread'] = False
environ['wsgi.multiprocess'] = True
environ['wsgi.run_once'] = True
Eric Hopper
This patch make several WSGI related alterations....
r2506
Augie Fackler
cleanup: remove pointless r-prefixes on single-quoted strings...
r43906 if environ.get('HTTPS', 'off').lower() in ('on', '1', 'yes'):
environ['wsgi.url_scheme'] = 'https'
Eric Hopper
This patch make several WSGI related alterations....
r2506 else:
Augie Fackler
cleanup: remove pointless r-prefixes on single-quoted strings...
r43906 environ['wsgi.url_scheme'] = 'http'
Eric Hopper
This patch make several WSGI related alterations....
r2506
headers_set = []
headers_sent = []
Yuya Nishihara
procutil: bulk-replace util.std* to point to new module
r37137 out = procutil.stdout
Eric Hopper
This patch make several WSGI related alterations....
r2506
def write(data):
if not headers_set:
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 raise AssertionError(b"write() before start_response()")
Eric Hopper
This patch make several WSGI related alterations....
r2506
elif not headers_sent:
Thomas Arendsen Hein
white space and line break cleanups
r3673 # Before the first output, send the stored headers
status, response_headers = headers_sent[:] = headers_set
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 out.write(b'Status: %s\r\n' % pycompat.bytesurl(status))
Augie Fackler
wsgicgi: un-do some prior porting work that is now wrong...
r37765 for hk, hv in response_headers:
Augie Fackler
formatting: blacken the codebase...
r43346 out.write(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'%s: %s\r\n'
Augie Fackler
formatting: blacken the codebase...
r43346 % (pycompat.bytesurl(hk), pycompat.bytesurl(hv))
)
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 out.write(b'\r\n')
Eric Hopper
This patch make several WSGI related alterations....
r2506
Alexis S. L. Carvalho
hgweb: fix unbundle....
r2558 out.write(data)
out.flush()
Eric Hopper
This patch make several WSGI related alterations....
r2506
Thomas Arendsen Hein
white space and line break cleanups
r3673 def start_response(status, response_headers, exc_info=None):
Eric Hopper
This patch make several WSGI related alterations....
r2506 if exc_info:
try:
if headers_sent:
# Re-raise original exception if headers sent
Peter Ruibal
use Exception(args)-style raising consistently (py3k compatibility)
r7008 raise exc_info[0](exc_info[1], exc_info[2])
Eric Hopper
This patch make several WSGI related alterations....
r2506 finally:
Augie Fackler
formatting: blacken the codebase...
r43346 exc_info = None # avoid dangling circular ref
Eric Hopper
This patch make several WSGI related alterations....
r2506 elif headers_set:
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 raise AssertionError(b"Headers already set!")
Eric Hopper
This patch make several WSGI related alterations....
r2506
Thomas Arendsen Hein
white space and line break cleanups
r3673 headers_set[:] = [status, response_headers]
Eric Hopper
This patch make several WSGI related alterations....
r2506 return write
Dirkjan Ochtman
hgweb: fix WSGI iterators handling in CGI adapter (issue1254)
r6922 content = application(environ, start_response)
Konstantin Zemlyak
wsgicgi: call close() on iterable to avoid resource leaks...
r10753 try:
for chunk in content:
write(chunk)
Mads Kiilerich
hgweb.cgi: fix internal WSGI emulation (issue3804)...
r18552 if not headers_sent:
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 write(b'') # send headers now if body was empty
Konstantin Zemlyak
wsgicgi: call close() on iterable to avoid resource leaks...
r10753 finally:
Alex Gaynor
style: never use a space before a colon or comma...
r34487 getattr(content, 'close', lambda: None)()