##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r30406:cff0f592 default
r32050:77eaf953 4.1.3 stable
Show More
.hgignore
71 lines | 946 B | text/plain | TextLexer
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 syntax: glob
*.elc
Simon Heimberg
Makefile: do update on a temporary copy of a po file...
r19991 *.tmp
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 *.orig
*.rej
*~
Bryan O'Sullivan
Ignore mergebackup files generated by mpatch
r5019 *.mergebackup
Vadim Gelfer
contrib: add restricted shell.
r2341 *.o
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 *.so
Craig Leres
hgignore: ignore dll files generated under cygwin
r13643 *.dll
Adrian Buehlmann
hgignore: simply ignore all *.exe's everywhere...
r17115 *.exe
Adrian Buehlmann
ignore *.pyd files...
r6551 *.pyd
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 *.pyc
Simon Heimberg
hgignore: ignore more bytecode...
r13346 *.pyo
*$py.class
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 *.swp
*.prof
Adrian Buehlmann
hgignore: ignore zip files
r17274 *.zip
Bryan O'Sullivan
win32text: be more careful about rejecting violating changesets...
r8147 \#*\#
.\#*
Vadim Gelfer
let run-tests run optional code coverage tests....
r2068 tests/.coverage*
Bryan O'Sullivan
tests: write recent run times to a file named tests/.testtimes...
r27634 tests/.testtimes*
David R. MacIver
testing: generate tests operations using Hypothesis...
r28255 tests/.hypothesis
tests/hypothesis-generated
Thomas Arendsen Hein
Ignore annotated coverage output of run-tests.py -C
r2151 tests/annotated
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 tests/*.err
Markus Zapke-Gründemann
tests: add htmlcov option
r15859 tests/htmlcov
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 build
Yuya Nishihara
hgignore: ignore chg binary
r28061 contrib/chg/chg
Vadim Gelfer
contrib: add restricted shell.
r2341 contrib/hgsh/hgsh
anatoly techtonik
contrib/vagrant: use Vagrant for running tests on virtual machine...
r21874 contrib/vagrant/.vagrant
Sean Farley
make: turn ubuntu docker into template...
r29031 contrib/docker/ubuntu-*
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 dist
Matt Mackall
packaging: move output directory from build/ to packages/...
r21560 packages
Takumi IINO
doc: make man and html from translated documents...
r19426 doc/common.txt
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 doc/*.[0-9]
Takumi IINO
doc: make man and html from translated documents...
r19426 doc/*.[0-9].txt
Thomas Arendsen Hein
Ignore generated documentation
r1817 doc/*.[0-9].gendoc.txt
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 doc/*.[0-9].{x,ht}ml
MANIFEST
Thomas Arendsen Hein
hgignore: ignore MANIFEST.in (generated since 2ce7dfe17bc5)
r14560 MANIFEST.in
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 patches
timeless
setup: create a module for the modulepolicy...
r28430 mercurial/__modulepolicy__.py
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 mercurial/__version__.py
Adrian Buehlmann
exewrapper: adapt for legacy HackableMercurial...
r17732 mercurial/hgpythonlib.h
Lee Cantey
Ignore mercurial.egg-info build output
r11380 mercurial.egg-info
Lee Cantey
Ignore .DS_Store directories...
r2987 .DS_Store
Kirill Smelkov
.hgignore += tags & cscope files
r5693 tags
cscope.*
Angel Ezquerra
hgignore: ignore the PyCharm workspace folder
r22945 .idea/*
Philippe Pepiot
perf: add asv benchmarks...
r30406 .asv/*
Martin Geisler
i18n: let Makefile generate i18n/hg.pot...
r7648 i18n/hg.pot
Martin Geisler
i18n: new build_mo command for setup.py...
r7649 locale/*/LC_MESSAGES/hg.mo
Yuya Nishihara
setup: add command to generate index of extensions...
r14538 hgext/__index__.py
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270
Martin Geisler
use PURE option in Makefile
r7706 # files installed with a local --pure build
mercurial/base85.py
mercurial/bdiff.py
mercurial/diffhelpers.py
mercurial/mpatch.py
mercurial/osutil.py
mercurial/parsers.py
Bryan O'Sullivan
Switch to new syntax for .hgignore files....
r1270 syntax: regexp
Thomas Arendsen Hein
Ignore test error files, protect dot in .pc/
r794 ^\.pc/
Brendan Cully
Ignore eclipse droppings
r7439 ^\.(pydev)?project
Laurens Holst
ignore: add files present in the hackable-hg windows distribution
r15702
# hackable windows distribution additions
Mads Kiilerich
update .hgignore for hackable with Python 2.7
r16537 ^hg-python
Laurens Holst
ignore: add files present in the hackable-hg windows distribution
r15702 ^hg.py$