dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig().

If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
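
An added example, not part of the commit or of hg-ssh: one way a shared-ssh forced-command wrapper can defend against the option-like repository names the message warns about, generalized here to refuse every name that begins with '-'. The function name, the Rejected exception and the /srv/hg root are assumptions made for illustration.

```python
import os
import shlex


class Rejected(Exception):
    """Raised when the requested command must not be executed."""


def validate_serve_command(original_command, repo_root):
    """Return a safe argv for 'hg -R <repo> serve --stdio' or raise Rejected.

    original_command: the string the client asked sshd to run
                      (SSH_ORIGINAL_COMMAND in a forced-command setup).
    repo_root:        hypothetical directory that holds every served repo.
    """
    try:
        argv = shlex.split(original_command)
    except ValueError as exc:  # unbalanced quotes and the like
        raise Rejected("unparseable command: %s" % exc)

    # Accept exactly one shape; extra flags, other subcommands and
    # reordered arguments are refused rather than filtered.
    if len(argv) != 5 or argv[:2] != ["hg", "-R"] or argv[3:] != ["serve", "--stdio"]:
        raise Rejected("only 'hg -R <repo> serve --stdio' is allowed")

    repo = argv[2]
    # The commit message names '--debugger' and '--config...'; refusing any
    # leading '-' covers those and every other option spelling.
    if not repo or repo.startswith("-"):
        raise Rejected("repository name looks like an option: %r" % repo)

    root = os.path.realpath(repo_root)
    path = os.path.realpath(os.path.join(root, repo))
    # '..' components and absolute names must not escape repo_root.
    if path == root or os.path.commonpath([root, path]) != root:
        raise Rejected("repository outside served root: %r" % repo)

    # An absolute path can never be read as an option by the hg parser.
    return ["hg", "-R", path, "serve", "--stdio"]


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for cmd in ("hg -R project serve --stdio",
                "hg -R --debugger serve --stdio",
                "hg -R --config=hooks.x=y serve --stdio",
                "hg -R ../other serve --stdio"):
        try:
            print("ALLOW ", validate_serve_command(cmd, "/srv/hg"))
        except Rejected as exc:
            print("REJECT", cmd, "->", exc)
```

The wrapper would exec the returned list directly, without a shell, so the validated arguments are not parsed a second time.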

File last commit:

r31957:84f9eb97 default
r32050:77eaf953 4.1.3 stable
test-bad-extension.t
73 lines | 2.6 KiB | text/troff | Tads3Lexer
/ tests / test-bad-extension.t
Martin Geisler
tests: unify test-bad-extension
r11858 $ echo 'raise Exception("bit bucket overflow")' > badext.py
Simon Farnsworth
tests: confirm that a badly documented extension doesn't cause a crash...
r28083 $ abspathexc=`pwd`/badext.py
$ cat >baddocext.py <<EOF
> """
> baddocext is bad
> """
> EOF
$ abspathdoc=`pwd`/baddocext.py
Martin Geisler
tests: unify test-bad-extension
r11858
Yuya Nishihara
tests: write hgrc of more than two lines by using shell heredoc...
r23172 $ cat <<EOF >> $HGRCPATH
> [extensions]
> gpg =
> hgext.gpg =
Simon Farnsworth
tests: confirm that a badly documented extension doesn't cause a crash...
r28083 > badext = $abspathexc
> baddocext = $abspathdoc
Yuya Nishihara
tests: write hgrc of more than two lines by using shell heredoc...
r23172 > badext2 =
> EOF
Martin Geisler
tests: unify test-bad-extension
r11858
timeless@mozdev.org
test-bad-extension: reduce dependencies on other things...
r26239 $ hg -q help help 2>&1 |grep extension
Mads Kiilerich
tests: remove redundant globs...
r12640 *** failed to import extension badext from $TESTTMP/badext.py: bit bucket overflow
Brodie Rao
tests: require regexes in unified tests to be marked with " (re)"...
r12375 *** failed to import extension badext2: No module named badext2
Yuya Nishihara
extensions: show traceback on load failure if --traceback flag is set...
r25364
show traceback
timeless@mozdev.org
test-bad-extension: reduce dependencies on other things...
r26239 $ hg -q help help --traceback 2>&1 | egrep ' extension|^Exception|Traceback|ImportError'
Yuya Nishihara
extensions: show traceback on load failure if --traceback flag is set...
r25364 *** failed to import extension badext from $TESTTMP/badext.py: bit bucket overflow
Traceback (most recent call last):
Exception: bit bucket overflow
*** failed to import extension badext2: No module named badext2
Traceback (most recent call last):
ImportError: No module named badext2
Jun Wu
extensions: add notloaded method to return extensions failed to load...
r28155 names of extensions failed to load can be accessed via extensions.notloaded()
$ cat <<EOF > showbadexts.py
> from mercurial import cmdutil, commands, extensions
> cmdtable = {}
> command = cmdutil.command(cmdtable)
> @command('showbadexts', norepo=True)
> def showbadexts(ui, *pats, **opts):
Danek Duvall
tests: Solaris grep doesn't add a trailing newline when it's missing...
r28338 >     ui.write('BADEXTS: %s\n' % ' '.join(sorted(extensions.notloaded())))
Jun Wu
extensions: add notloaded method to return extensions failed to load...
r28155 > EOF
$ hg --config extensions.badexts=showbadexts.py showbadexts 2>&1 | grep '^BADEXTS'
BADEXTS: badext badext2
Yuya Nishihara
extensions: show traceback on load failure if --traceback flag is set...
r25364 show traceback for ImportError of hgext.name if debug is set
(note that --debug option isn't applied yet when loading extensions)
timeless@mozdev.org
test-bad-extension: reduce dependencies on other things...
r26239 $ (hg -q help help --traceback --config ui.debug=True 2>&1) \
> | grep -v '^ ' \
> | egrep 'extension..[^p]|^Exception|Traceback|ImportError|not import'
Yuya Nishihara
extensions: show traceback on load failure if --traceback flag is set...
r25364 *** failed to import extension badext from $TESTTMP/badext.py: bit bucket overflow
Traceback (most recent call last):
Exception: bit bucket overflow
Pierre-Yves David
extensions: fix a debug message when searching for extensions...
r30027 could not import hgext.badext2 (No module named *badext2): trying hgext3rd.badext2 (glob)
Yuya Nishihara
extensions: show traceback on load failure if --traceback flag is set...
r25364 Traceback (most recent call last):
Bryan O'Sullivan
test-bad-extension: account for PyPy/CPython error difference
r27538 ImportError: No module named *badext2 (glob)
Maciej Fijalkowski
pypy: fix overspecific test checks...
r28737 could not import hgext3rd.badext2 (No module named *badext2): trying badext2 (glob)
Pierre-Yves David
extensions: also search for extension in the 'hgext3rd' package...
r28541 Traceback (most recent call last):
Maciej Fijalkowski
pypy: fix overspecific test checks...
r28737 ImportError: No module named *badext2 (glob)
Yuya Nishihara
extensions: show traceback on load failure if --traceback flag is set...
r25364 *** failed to import extension badext2: No module named badext2
Traceback (most recent call last):
ImportError: No module named badext2
Simon Farnsworth
tests: confirm that a badly documented extension doesn't cause a crash...
r28083
confirm that there's no crash when an extension's documentation is bad
$ hg help --keyword baddocext
*** failed to import extension badext from $TESTTMP/badext.py: bit bucket overflow
*** failed to import extension badext2: No module named badext2
Topics:
extensions Using Additional Features