dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

r30559:d83ca854 default
r32050:77eaf953 4.1.3 stable
check-seclevel.py
#!/usr/bin/env python
#
# checkseclevel - checking section title levels in each online help document

from __future__ import absolute_import

import optparse
import os
import sys

# Import Mercurial from the live repository checkout rather than from an
# installed copy. '..' is resolved relative to the current directory, so the
# tool is meant to be run from doc/. The module load policy is forced to
# 'py' (pure-Python modules only) before anything from mercurial is imported.
os.environ['HGMODULEPOLICY'] = 'py'
sys.path.insert(0, "..")

# demandimport is switched on before the remaining mercurial imports.
from mercurial import demandimport
demandimport.enable()

from mercurial import (
    commands,
    extensions,
    help,
    minirst,
    ui as uimod,
)

# The core command table and the help topic table are what gets checked
# when no --file is given.
table = commands.table
helptable = help.helptable
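# Section underline characters in nesting order; the list index is the
# section level (0 is the outermost).
level2mark = ['"', '=', '-', '.', '#']
# Marks that help documents must not use themselves; they are left out of
# mark2level so the checker reports them as invalid.
reservedmarks = ['"']
# Reverse lookup, mark -> level, for the non-reserved marks. enumerate() is
# used instead of zip(..., xrange(...)) so this also runs on Python 3.
mark2level = {}
for level, mark in enumerate(level2mark):
    if mark not in reservedmarks:
        mark2level[mark] = level
# Level occupied by the title of each kind of document. A document may only
# use marks strictly deeper than its own initial level.
initlevel_topic = 0
initlevel_cmd = 1
initlevel_ext = 1
initlevel_ext_cmd = 3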
def showavailables(ui, initlevel):
    """Warn which section marks may be used inside a document at *initlevel*.

    Only marks deeper than ``initlevel`` are listed, in nesting order; each
    mark is repeated four times so it looks like an underline.
    """
    usable = level2mark[initlevel + 1:]
    rendered = ', '.join('%r' % (mark * 4) for mark in usable)
    ui.warn((' available marks and order of them in this help: %s\n') %
            rendered)
def checkseclevel(ui, doc, name, initlevel):
    """Check the section marks of one help document.

    ``doc`` is parsed with minirst. The underline mark of every section
    block must be a known, non-reserved mark that is deeper than
    ``initlevel``, and a section may only go one level deeper than the
    previous accepted section (going back up by any amount is fine).
    Each problem is reported through ``ui.warn`` and counted; ``name`` is
    how the document is referred to in those messages.

    Returns the number of problems found.
    """
    ui.note(('checking "%s"\n') % name)
    blocks, _pruned = minirst.parse(doc, 0, ['verbose'])
    problems = 0
    prevlevel = initlevel
    for block in blocks:
        if block['type'] != 'section':
            continue
        mark = block['underline']
        title = block['lines'][0]
        level = mark2level.get(mark)
        # Unknown or reserved marks, and marks at or above the document's
        # own level, are rejected outright.
        if level is None or level <= initlevel:
            ui.warn(('invalid section mark %r for "%s" of %s\n') %
                    (mark * 4, title, name))
            showavailables(ui, initlevel)
            problems += 1
            continue
        # Nesting deeper is only allowed one level at a time.
        if prevlevel < level and level != prevlevel + 1:
            ui.warn(('gap of section level at "%s" of %s\n') %
                    (title, name))
            showavailables(ui, initlevel)
            problems += 1
            continue
        ui.note(('appropriate section level for "%s %s"\n') %
                (mark * (level * 2), title))
        prevlevel = level
    return problems
def checkcmdtable(ui, cmdtable, namefmt, initlevel):
    """Check the help text of every command in a command table.

    The command name is the part of the table key before the first '|',
    minus any leading '^'; ``namefmt`` is a '%s' format that turns it into
    the name reported for the command. The help text is the docstring of
    the entry's first element; commands without one are skipped with a note.

    Returns the total number of problems found.
    """
    problems = 0
    for key, entry in cmdtable.items():
        cmdname = key.split("|")[0].lstrip("^")
        shown = namefmt % cmdname
        doc = entry[0].__doc__
        if not doc:
            ui.note(('skip checking %s: no help document\n') % shown)
            continue
        problems += checkseclevel(ui, doc, shown, initlevel)
    return problems
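def checkhghelps(ui):
    """Check every built-in help document.

    Topics are checked first, then the core command table, then every
    enabled and disabled extension together with its own command table.

    Returns the total number of problems found.
    """
    errorcnt = _checktopics(ui)
    errorcnt += checkcmdtable(ui, table, '%s command', initlevel_cmd)
    errorcnt += _checkextensions(ui)
    return errorcnt


def _checktopics(ui):
    """Check the help topics in ``helptable``; return the problem count."""
    errorcnt = 0
    for names, _sec, doc in helptable:
        # Some topics are produced on demand by a loader that takes the ui.
        if callable(doc):
            doc = doc(ui)
        errorcnt += checkseclevel(ui, doc,
                                  '%s help topic' % names[0],
                                  initlevel_topic)
    return errorcnt


def _checkextensions(ui):
    """Check every enabled and disabled extension; return the problem count.

    extensions.load() imports the extension module, so the module-level
    code of every extension it finds -- disabled ones included -- runs here.
    """
    # list() on both sides keeps the concatenation working on Python 3,
    # where dict views cannot be joined with '+'.
    names = sorted(list(extensions.enabled().keys()) +
                   list(extensions.disabled().keys()))
    errorcnt = 0
    for name in names:
        mod = extensions.load(ui, name, None)
        if not mod.__doc__:
            ui.note(('skip checking %s extension: no help document\n') % name)
            continue
        errorcnt += checkseclevel(ui, mod.__doc__,
                                  '%s extension' % name,
                                  initlevel_ext)
        cmdtable = getattr(mod, 'cmdtable', None)
        if cmdtable:
            errorcnt += checkcmdtable(ui, cmdtable,
                                      '%s command of ' + name + ' extension',
                                      initlevel_ext_cmd)
    return errorcnt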
def checkfile(ui, filename, initlevel):
    """Check a single document read from ``filename`` ('-' means stdin).

    The whole input is read into memory as text and handed to
    checkseclevel under the name 'input from <filename>', with
    ``initlevel`` as the document's own level.

    Returns the number of problems found.
    """
    if filename == '-':
        doc = sys.stdin.read()
        filename = 'stdin'  # name used in the messages below
    else:
        with open(filename) as fp:
            doc = fp.read()
    label = 'input from %s' % filename
    ui.note(('checking input from %s with initlevel %d\n') %
            (filename, initlevel))
    return checkseclevel(ui, doc, label, initlevel)
def main():
    """Command-line entry point.

    Checks the file named by --file (or stdin for '-') at the level chosen
    by -t/-c/-e/-C/-l, or every built-in help document when no file is
    given. Exits with status 1 if any problem was reported.
    """
    usage = """%prog [options]
This checks all help documents of Mercurial (topics, commands,
extensions and commands of them), if no file is specified by --file
option.
"""
    parser = optparse.OptionParser(usage)
    # (flags, keyword arguments) in declaration order. The order matters for
    # 'initlevel': optparse keeps the default of the last option declaring
    # one for that dest, which is -l's default=0.
    option_specs = [
        (("-v", "--verbose"),
         dict(help="enable additional output", action="store_true")),
        (("-d", "--debug"),
         dict(help="debug mode", action="store_true")),
        (("-f", "--file"),
         dict(help="filename to read in (or '-' for stdin)",
              action="store", default="")),
        (("-t", "--topic"),
         dict(help="parse file as help topic",
              action="store_const", dest="initlevel", const=0)),
        (("-c", "--command"),
         dict(help="parse file as help of core command",
              action="store_const", dest="initlevel", const=1)),
        (("-e", "--extension"),
         dict(help="parse file as help of extension",
              action="store_const", dest="initlevel", const=1)),
        (("-C", "--extension-command"),
         dict(help="parse file as help of extension command",
              action="store_const", dest="initlevel", const=3)),
        (("-l", "--initlevel"),
         dict(help="set initial section level manually",
              action="store", type="int", default=0)),
    ]
    for flags, kwargs in option_specs:
        parser.add_option(*flags, **kwargs)
    options, _args = parser.parse_args()

    # A ui without any config loaded; verbosity comes only from the flags.
    ui = uimod.ui.load()
    ui.setconfig('ui', 'verbose', options.verbose, '--verbose')
    ui.setconfig('ui', 'debug', options.debug, '--debug')

    if options.file:
        failed = checkfile(ui, options.file, options.initlevel)
    else:
        failed = checkhghelps(ui)
    if failed:
        sys.exit(1)
# Script entry point; see main() for the accepted options.
if __name__ == "__main__":
    main()