upstream/mercurial-mirror Files · mercurial/py3kcompat.py

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC)...

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC) CVE-2016-3068 (1/1) Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. This feature allows implementing simple git smart transports with a single shell shell command. However, git submodules could clone arbitrary URLs specified in the .gitmodules file. This was reported as CVE-2015-7545 and fixed in git v2.6.1. However, if a user directly clones a malicious ext URL, the git client will still run arbitrary shell commands. Mercurial is similarly effected. Mercurial allows specifying git repositories as subrepositories. Git ext:: URLs can be specified as Mercurial subrepositories allowing arbitrary shell commands to be run on `hg clone ...`. The Mercurial community would like to thank Blake Burkhart for reporting this issue. The description of the issue is copied from Blake's report. This commit changes submodules to pass the GIT_ALLOW_PROTOCOL env variable to git commands with the same list of allowed protocols that git submodule is using. When the GIT_ALLOW_PROTOCOL env variable is already set, we just pass it to git without modifications.

Gregory Szorc - - Load All Authors

File last commit:

r27486:5bfd01a3 default


                r28658:34d43cb8

stable

Download file

             py3kcompat.py
        
                    68 lines
            
             | 2.1 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / py3kcompat.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Renato Cunha
    
py3kcompat: added a "compatibility layer" for py3k...

              r11748
            
      # py3kcompat.py - compatibility definitions for running hg in py3k

      #

      # Copyright 2010 Renato Cunha <renatoc@gmail.com>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

        Gregory Szorc
    
py3compat: use absolute_import

              r27486
            
      from __future__ import absolute_import

        Renato Cunha
    
py3kcompat: added a "compatibility layer" for py3k...

              r11748
            
        Gregory Szorc
    
py3compat: use absolute_import

              r27486
            
      import builtins

      import numbers

      Number = numbers.Number

        Renato Cunha
    
py3kcompat: added a "compatibility layer" for py3k...

              r11748
            
      def bytesformatter(format, args):

          '''Custom implementation of a formatter for bytestrings.

        Mads Kiilerich
    
fix trivial spelling errors

              r17424
            
          This function currently relies on the string formatter to do the

        Renato Cunha
    
py3kcompat: added a "compatibility layer" for py3k...

              r11748
            
          formatting and always returns bytes objects.

          >>> bytesformatter(20, 10)

          0

          >>> bytesformatter('unicode %s, %s!', ('string', 'foo'))

          b'unicode string, foo!'

          >>> bytesformatter(b'test %s', 'me')

          b'test me'

          >>> bytesformatter('test %s', 'me')

          b'test me'

          >>> bytesformatter(b'test %s', b'me')

          b'test me'

          >>> bytesformatter('test %s', b'me')

          b'test me'

          >>> bytesformatter('test %d: %s', (1, b'result'))

          b'test 1: result'

          '''

          # The current implementation just converts from bytes to unicode, do

          # what's needed and then convert the results back to bytes.

          # Another alternative is to use the Python C API implementation.

          if isinstance(format, Number):

              # If the fixer erroneously passes a number remainder operation to

              # bytesformatter, we just return the correct operation

              return format % args

          if isinstance(format, bytes):

              format = format.decode('utf-8', 'surrogateescape')

          if isinstance(args, bytes):

              args = args.decode('utf-8', 'surrogateescape')

          if isinstance(args, tuple):

              newargs = []

              for arg in args:

                  if isinstance(arg, bytes):

                      arg = arg.decode('utf-8', 'surrogateescape')

                  newargs.append(arg)

              args = tuple(newargs)

          ret = format % args

          return ret.encode('utf-8', 'surrogateescape')

      builtins.bytesformatter = bytesformatter

        Renato Cunha
    
py3kcompat: added fake ord implementation for py3k...

              r11878
            
      origord = builtins.ord

      def fakeord(char):

          if isinstance(char, int):

              return char

          return origord(char)

      builtins.ord = fakeord

        Renato Cunha
    
py3kcompat: added a "compatibility layer" for py3k...

              r11748
            
      if __name__ == '__main__':

          import doctest

          doctest.testmod()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Renato Cunha py3kcompat: added a "compatibility layer" for py3k...	r11748	# py3kcompat.py - compatibility definitions for running hg in py3k
		#
		# Copyright 2010 Renato Cunha <renatoc@gmail.com>
		#
		# This software may be used and distributed according to the terms of the
		# GNU General Public License version 2 or any later version.

Gregory Szorc py3compat: use absolute_import	r27486	from __future__ import absolute_import
Renato Cunha py3kcompat: added a "compatibility layer" for py3k...	r11748
Gregory Szorc py3compat: use absolute_import	r27486	import builtins
		import numbers

		Number = numbers.Number
Renato Cunha py3kcompat: added a "compatibility layer" for py3k...	r11748
		def bytesformatter(format, args):
		'''Custom implementation of a formatter for bytestrings.

Mads Kiilerich fix trivial spelling errors	r17424	This function currently relies on the string formatter to do the
Renato Cunha py3kcompat: added a "compatibility layer" for py3k...	r11748	formatting and always returns bytes objects.

		>>> bytesformatter(20, 10)
		0
		>>> bytesformatter('unicode %s, %s!', ('string', 'foo'))
		b'unicode string, foo!'
		>>> bytesformatter(b'test %s', 'me')
		b'test me'
		>>> bytesformatter('test %s', 'me')
		b'test me'
		>>> bytesformatter(b'test %s', b'me')
		b'test me'
		>>> bytesformatter('test %s', b'me')
		b'test me'
		>>> bytesformatter('test %d: %s', (1, b'result'))
		b'test 1: result'
		'''
		# The current implementation just converts from bytes to unicode, do
		# what's needed and then convert the results back to bytes.
		# Another alternative is to use the Python C API implementation.
		if isinstance(format, Number):
		# If the fixer erroneously passes a number remainder operation to
		# bytesformatter, we just return the correct operation
		return format % args
		if isinstance(format, bytes):
		format = format.decode('utf-8', 'surrogateescape')
		if isinstance(args, bytes):
		args = args.decode('utf-8', 'surrogateescape')
		if isinstance(args, tuple):
		newargs = []
		for arg in args:
		if isinstance(arg, bytes):
		arg = arg.decode('utf-8', 'surrogateescape')
		newargs.append(arg)
		args = tuple(newargs)
		ret = format % args
		return ret.encode('utf-8', 'surrogateescape')
		builtins.bytesformatter = bytesformatter

Renato Cunha py3kcompat: added fake ord implementation for py3k...	r11878	origord = builtins.ord
		def fakeord(char):
		if isinstance(char, int):
		return char
		return origord(char)
		builtins.ord = fakeord

Renato Cunha py3kcompat: added a "compatibility layer" for py3k...	r11748	if __name__ == '__main__':
		import doctest
		doctest.testmod()