##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r28725:3cf1995d default
r32050:77eaf953 4.1.3 stable
Show More
generate-working-copy-states.py
88 lines | 3.2 KiB | text/x-python | PythonLexer
/ tests / generate-working-copy-states.py
Martin von Zweigbergk
generate-working-copy-states: accept depth arguments on command line...
r23447 # Helper script used for generating history and working copy files and content.
# The file's name corresponds to its history. The number of changesets can
# be specified on the command line. With 2 changesets, files with names like
# content1_content2_content1-untracked are generated. The first two filename
# segments describe the contents in the two changesets. The third segment
# ("content1-untracked") describes the state in the working copy, i.e.
# the file has content "content1" and is untracked (since it was previously
# tracked, it has been forgotten).
#
# This script generates the filenames and their content, but it's up to the
# caller to tell hg about the state.
#
# There are two subcommands:
# filelist <numchangesets>
# state <numchangesets> (<changeset>|wc)
#
# Typical usage:
#
# $ python $TESTDIR/generate-working-copy-states.py state 2 1
# $ hg addremove --similarity 0
# $ hg commit -m 'first'
#
# $ python $TESTDIR/generate-working-copy-states.py state 2 1
# $ hg addremove --similarity 0
# $ hg commit -m 'second'
#
# $ python $TESTDIR/generate-working-copy-states.py state 2 wc
# $ hg addremove --similarity 0
# $ hg forget *_*_*-untracked
# $ rm *_*_missing-*
Robert Stanca
py3: use print_function in generate-working-copy-states.py
r28725 from __future__ import absolute_import, print_function
Gregory Szorc
tests: use absolute_import in generate-working-copy-states.py
r27295
import os
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195 import sys
Martin von Zweigbergk
generate-working-copy-states: generalize for depth...
r23446 # Generates pairs of (filename, contents), where 'contents' is a list
# describing the file's content at each revision (or in the working copy).
# At each revision, it is either None or the file's actual content. When not
# None, it may be either new content or the same content as an earlier
# revisions, so all of (modified,clean,added,removed) can be tested.
def generatestates(maxchangesets, parentcontents):
depth = len(parentcontents)
if depth == maxchangesets + 1:
for tracked in ('untracked', 'tracked'):
filename = "_".join([(content is None and 'missing' or content) for
content in parentcontents]) + "-" + tracked
yield (filename, parentcontents)
else:
for content in (set([None, 'content' + str(depth + 1)]) |
set(parentcontents)):
for combination in generatestates(maxchangesets,
parentcontents + [content]):
yield combination
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195
Martin von Zweigbergk
generate-working-copy-states: accept depth arguments on command line...
r23447 # retrieve the command line arguments
target = sys.argv[1]
maxchangesets = int(sys.argv[2])
if target == 'state':
depth = sys.argv[3]
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195
Martin von Zweigbergk
generate-working-copy-states: accept depth arguments on command line...
r23447 # sort to make sure we have stable output
combinations = sorted(generatestates(maxchangesets, []))
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195
# compute file content
content = []
Martin von Zweigbergk
generate-working-copy-states: accept depth arguments on command line...
r23447 for filename, states in combinations:
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195 if target == 'filelist':
Robert Stanca
py3: use print_function in generate-working-copy-states.py
r28725 print(filename)
Martin von Zweigbergk
generate-working-copy-states: accept depth arguments on command line...
r23447 elif target == 'state':
if depth == 'wc':
# Make sure there is content so the file gets written and can be
# tracked. It will be deleted outside of this script.
content.append((filename, states[maxchangesets] or 'TOBEDELETED'))
else:
content.append((filename, states[int(depth) - 1]))
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195 else:
Robert Stanca
py3: use print_function in generate-working-copy-states.py
r28725 print("unknown target:", target, file=sys.stderr)
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195 sys.exit(1)
# write actual content
for filename, data in content:
if data is not None:
Matt Harbison
generate-working-copy-states: open() in binary mode when writing content...
r23494 f = open(filename, 'wb')
Martin von Zweigbergk
test-revert: move embedded script to its own file...
r23195 f.write(data + '\n')
f.close()
elif os.path.exists(filename):
os.remove(filename)