##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r27234:15c6eb0a default
r32050:77eaf953 4.1.3 stable
Show More
test-audit-path.t
131 lines | 2.5 KiB | text/troff | Tads3Lexer
/ tests / test-audit-path.t
Martin Geisler
tests: unify test-audit-path
r11855 $ hg init
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 audit of .hg
Martin Geisler
tests: unify test-audit-path
r11855
$ hg add .hg/00changelog.i
Mads Kiilerich
tests: make (glob) on windows accept \ instead of /...
r15447 abort: path contains illegal component: .hg/00changelog.i (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Martin Geisler
tests: unify test-audit-path
r11855
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 #if symlink
Symlinks
Martin Geisler
tests: unify test-audit-path
r11855 $ mkdir a
$ echo a > a/a
$ hg ci -Ama
adding a/a
$ ln -s a b
$ echo b > a/b
$ hg add b/b
Mads Kiilerich
tests: make (glob) on windows accept \ instead of /...
r15447 abort: path 'b/b' traverses symbolic link 'b' (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Martin Geisler
tests: unify test-audit-path
r11855 $ hg add b
should still fail - maybe
$ hg add b/b
Mads Kiilerich
tests: make (glob) on windows accept \ instead of /...
r15447 abort: path 'b/b' traverses symbolic link 'b' (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Martin Geisler
tests: unify test-audit-path
r11855
Pierre-Yves David
context: use a the nofsauditor when matching file in history (issue4749)...
r27234 $ hg commit -m 'add symlink b'
Test symlink traversing when accessing history:
-----------------------------------------------
(build a changeset where the path exists as a directory)
$ hg up 0
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ mkdir b
$ echo c > b/a
$ hg add b/a
$ hg ci -m 'add directory b'
created new head
Test that hg cat does not do anything wrong the working copy has 'b' as directory
$ hg cat b/a
c
$ hg cat -r "desc(directory)" b/a
c
$ hg cat -r "desc(symlink)" b/a
b/a: no such file in rev bc151a1f53bd
[1]
Test that hg cat does not do anything wrong the working copy has 'b' as a symlink (issue4749)
$ hg up 'desc(symlink)'
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg cat b/a
b/a: no such file in rev bc151a1f53bd
[1]
$ hg cat -r "desc(directory)" b/a
c
$ hg cat -r "desc(symlink)" b/a
b/a: no such file in rev bc151a1f53bd
[1]
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 #endif
Martin Geisler
tests: unify test-audit-path
r11855 unbundle tampered bundle
$ hg init target
$ cd target
Thomas Arendsen Hein
tests: make tests work if directory contains special characters...
r16350 $ hg unbundle "$TESTDIR/bundles/tampered.hg"
Martin Geisler
tests: unify test-audit-path
r11855 adding changesets
adding manifests
adding file changes
added 5 changesets with 6 changes to 6 files (+4 heads)
(run 'hg heads' to see heads, 'hg merge' to merge)
attack .hg/test
$ hg manifest -r0
.hg/test
$ hg update -Cr0
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 abort: path contains illegal component: .hg/test (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Martin Geisler
tests: unify test-audit-path
r11855
attack foo/.hg/test
$ hg manifest -r1
foo/.hg/test
$ hg update -Cr1
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 abort: path 'foo/.hg/test' is inside nested repo 'foo' (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Martin Geisler
tests: unify test-audit-path
r11855
attack back/test where back symlinks to ..
$ hg manifest -r2
back
back/test
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 #if symlink
Martin Geisler
tests: unify test-audit-path
r11855 $ hg update -Cr2
abort: path 'back/test' traverses symbolic link 'back'
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 #else
('back' will be a file and cause some other system specific error)
$ hg update -Cr2
abort: * (glob)
[255]
#endif
Martin Geisler
tests: unify test-audit-path
r11855
attack ../test
$ hg manifest -r3
../test
$ hg update -Cr3
Mads Kiilerich
tests: convert some 'hghave symlink' to #if...
r16908 abort: path contains illegal component: ../test (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Martin Geisler
tests: unify test-audit-path
r11855
attack /tmp/test
$ hg manifest -r4
/tmp/test
$ hg update -Cr4
Mads Kiilerich
tests: fix for windows - slashes and no serve
r18506 abort: path contains illegal component: /tmp/test (glob)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913
$ cd ..