dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r30843:2fb3ae89 stable
r32050:77eaf953 4.1.3 stable
check-commit
111 lines | 3.5 KiB | text/plain | TextLexer
r22043 #!/usr/bin/env python
#
# Copyright 2014 Matt Mackall <mpm@selenic.com>
#
# A tool/hook to run basic sanity checks on commits/patches for
# submission to Mercurial. Install by adding the following to your
# .hg/hgrc:
#
# [hooks]
# pretxncommit = contrib/check-commit
#
# The hook can be temporarily bypassed with:
#
# $ BYPASS= hg commit
#
r26421 # See also: https://mercurial-scm.org/wiki/ContributingChanges
r29164 from __future__ import absolute_import, print_function
import os
import re
import sys
# Regex prefixes that anchor a check to a particular part of the input.
# The input is either a bare commit message or "hg export" output, which
# starts with a run of "# ..." header lines.

# Zero or more leading "# ..." header lines.
commitheader = r"^(?:# [^\n]*\n)*"
# Position right after the header run (the next line is not a "#" line).
afterheader = commitheader + r"(?!#)"
# Same position, additionally refusing a newline that is not followed
# by "@@".
beforepatch = afterheader + r"(?!\n(?!@@))"

# (pattern, message) pairs. Every match of a pattern anywhere in the input
# is reported with the paired message.
errors = [
    # --- markers and issue references ---
    (beforepatch + r".*[(]bc[)]",
     "(BC) needs to be uppercase"),
    (beforepatch + r".*[(]issue \d\d\d",
     "no space allowed between issue and number"),
    (beforepatch + r".*[(]bug(\d|\s)",
     "use (issueDDDD) instead of bug"),

    # --- "# User" header line ---
    (commitheader + r"# User [^@\n]+\n",
     "username is not an email address"),

    # --- summary line ---
    (commitheader + r"(?!merge with )[^#]\S+[^:] ",
     "summary line doesn't start with 'topic: '"),
    (afterheader + r"[A-Z][a-z]\S+",
     "don't capitalize summary lines"),
    (afterheader + r"[^\n]*: *[A-Z][a-z]\S+",
     "don't capitalize summary lines"),
    (afterheader + r"\S*[^A-Za-z0-9-_]\S*: ",
     "summary keyword should be most user-relevant one-word command or topic"),
    (afterheader + r".*\.\s*\n",
     "don't add trailing period on summary line"),
    (afterheader + r".{79,}",
     "summary line too long (limit is 78)"),

    # --- patch body ---
    (r"\n\+\n( |\+)\n",
     "adds double empty line"),
    (r"\n \n\+\n",
     "adds double empty line"),
    # Forbid "_" in function name.
    #
    # The check is skipped for cffi related functions: their names map to
    # the name of the C function, and C function names may contain "_".
    (r"\n\+[ \t]+def (?!cffi)[a-z]+_[a-z]",
     "adds a function with foo_bar naming"),
]
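# Matches any non-whitespace character. Written as a raw string so that
# "\S" is not an invalid string escape (newer Python versions warn on it).
word = re.compile(r'\S')


def nonempty(first, second):
    """Return *first* if it holds a non-whitespace character, else *second*.

    Used when reporting a finding: if the current line is blank, the most
    recent non-blank line is shown instead.
    """
    if word.search(first):
        return first
    return second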
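def checkcommit(commit, node=None):
    """Run every pattern in ``errors`` over *commit* and print the findings.

    Args:
        commit: text to check (an exported changeset or a commit message).
        node: optional revision label. When given, "node: <label>" is
            printed once, before the first finding.

    Returns:
        1 if at least one finding was printed and ``BYPASS`` is not set in
        the environment, otherwise 0. With ``BYPASS`` set, findings are
        still printed but do not affect the result.
    """
    exitcode = 0
    printed = node is None
    hits = []

    # Commits created by `hg sign` / `hg tag` have a fixed message that the
    # summary-line rules would reject; they are accepted unconditionally.
    signtag = (afterheader +
               r'Added (tag [^ ]+|signature) for changeset [a-f0-9]{12}')
    if re.search(signtag, commit):
        return 0

    for exp, msg in errors:
        # A pattern whose source ends in one or more "\n" escapes consumes
        # those newlines; step the reported offset back by their count.
        # This depends only on the pattern, so it is computed once per
        # pattern. Floor division keeps the offset an integer on Python 3.
        trailing = re.search(r'(\\n)+$', exp)
        backoff = len(trailing.group()) // 2 if trailing else 0
        for m in re.finditer(exp, commit):
            hits.append((m.end() - backoff, exp, msg))

    if hits:
        # Sorted by offset so findings are printed in input order.
        hits.sort()
        pos = 0
        last = ''
        for n, l in enumerate(commit.splitlines(True)):
            pos += len(l)
            # Report every hit whose offset lies within the text read so far.
            while hits:
                end, exp, msg = hits[0]
                if pos < end:
                    break
                if not printed:
                    printed = True
                    print("node: %s" % node)
                print("%d: %s" % (n, msg))
                print(" %s" % nonempty(l, last)[:-1])
                if "BYPASS" not in os.environ:
                    exitcode = 1
                del hits[0]
            last = nonempty(l, last)

    return exitcode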
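def readcommit(node):
    """Return the output of ``hg export`` for revision *node* as text.

    The exit status of ``hg`` is not checked; whatever it wrote to stdout
    is returned, which may be an empty string.

    Raises:
        OSError: if the ``hg`` executable cannot be started.
    """
    # Local import so this function does not depend on the module header.
    import subprocess

    # *node* comes from the command line or from HG_NODE. It is passed as
    # one argv element, without a shell, so shell metacharacters in it are
    # never interpreted. "--" ends option parsing, so a value beginning
    # with "-" is taken as a revision rather than as an hg option.
    proc = subprocess.Popen(["hg", "export", "--", node],
                            stdout=subprocess.PIPE,
                            universal_newlines=True)
    output, _ = proc.communicate()
    return output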
if __name__ == "__main__":
    # Input selection, in priority order:
    #   1. HG_NODE in the environment (set when running as a hook),
    #   2. revisions named on the command line,
    #   3. a patch or commit message on stdin.
    hooknode = os.environ.get("HG_NODE")
    revs = sys.argv[1:]

    if hooknode:
        exitcode = checkcommit(readcommit(hooknode))
    elif revs:
        exitcode = 0
        for rev in revs:
            # OR the results together: one failing revision fails the run.
            exitcode |= checkcommit(readcommit(rev), rev)
    else:
        exitcode = checkcommit(sys.stdin.read())

    sys.exit(exitcode)