dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
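The defensive check the commit message asks shared-ssh front ends to perform, as an added example (not Mercurial's or hg-ssh's own code): the wrapper matches the incoming command token by token against the one shape it allows, refuses any repository name that looks like an option, and keeps the hg argv fixed so that --config never reaches 'hg serve --stdio'. The repository allow-list, the hook names and the rejectpush hook function are assumptions.

```python
import shlex


class UnsafeCommand(ValueError):
    """Raised when SSH_ORIGINAL_COMMAND is not an allowed invocation."""


def parse_ssh_command(original_command, allowed_repos):
    """Accept only 'hg -R <repo> serve --stdio' and return <repo>.

    The shape is matched token by token rather than searched for, so a
    repository name such as '--debugger' or '--config=...' can never be
    re-read as an option by hg's own argument parser.
    """
    try:
        argv = shlex.split(original_command)
    except ValueError as e:
        raise UnsafeCommand('unparseable command: %s' % e)
    if (len(argv) != 5 or argv[0] != 'hg' or argv[1] != '-R'
            or argv[3] != 'serve' or argv[4] != '--stdio'):
        raise UnsafeCommand('command shape not allowed: %r' % argv)
    repo = argv[2]
    # Covers '--debugger', '--config...' and any other option-like name.
    if repo.startswith('-'):
        raise UnsafeCommand('repository name looks like an option: %r' % repo)
    if repo not in allowed_repos:
        raise UnsafeCommand('repository not allowed: %r' % repo)
    return repo


def is_safe_command(original_command, allowed_repos):
    """Boolean form of parse_ssh_command for callers that only gate."""
    try:
        parse_ssh_command(original_command, allowed_repos)
        return True
    except UnsafeCommand:
        return False


def serve_invocation(repo, readonly):
    """Return (argv, config) for the hg process.

    argv is fixed and never carries --config. Read-only enforcement is
    returned as (section, name, value) triples meant for ui.setconfig(),
    the route hg-ssh takes after this patch. Hook names are assumed and
    rejectpush is a hypothetical hook function supplied by the wrapper.
    """
    argv = ['hg', '-R', repo, 'serve', '--stdio']
    config = []
    if readonly:
        config.append(('hooks', 'pretxnopen.readonly', 'python:__main__.rejectpush'))
        config.append(('hooks', 'prepushkey.readonly', 'python:__main__.rejectpush'))
    return argv, config
```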

File last commit:

r29672:622782ea default
r32050:77eaf953 4.1.3 stable
tests/test-bundle2-pushback.t
109 lines | 2.6 KiB
Blame: r23439 Eric Sumner (bundle2-push: provide transaction to reply unbundler); r24686 Pierre-Yves David (bundle2: rename format, parts and config to final names); r25423 Pierre-Yves David (bundle2: stop capturing output for ssh again); r25495 Matt Harbison (tests: restore 'python' and '$TESTDIR/' for dummyssh invocation).

  $ cat > bundle2.py << EOF
  > """A small extension to test bundle2 pushback parts.
  > Current bundle2 implementation doesn't provide a way to generate those
  > parts, so they must be created by extensions.
  > """
  > from mercurial import bundle2, pushkey, exchange, util
  > def _newhandlechangegroup(op, inpart):
  >     """This function wraps the changegroup part handler for getbundle.
  >     It issues an additional pushkey part to send a new
  >     bookmark back to the client"""
  >     result = bundle2.handlechangegroup(op, inpart)
  >     if 'pushback' in op.reply.capabilities:
  >         params = {'namespace': 'bookmarks',
  >                   'key': 'new-server-mark',
  >                   'old': '',
  >                   'new': 'tip'}
  >         encodedparams = [(k, pushkey.encode(v)) for (k,v) in params.items()]
  >         op.reply.newpart('pushkey', mandatoryparams=encodedparams)
  >     else:
  >         op.reply.newpart('output', data='pushback not enabled')
  >     return result
  > _newhandlechangegroup.params = bundle2.handlechangegroup.params
  > bundle2.parthandlermapping['changegroup'] = _newhandlechangegroup
  > EOF

  $ cat >> $HGRCPATH <<EOF
  > [ui]
  > ssh = python "$TESTDIR/dummyssh"
  > username = nobody <no.reply@example.com>
  >
  > [alias]
  > tglog = log -G -T "{desc} [{phase}:{node|short}]"
  > EOF

Set up server repository

  $ hg init server
  $ cd server
  $ echo c0 > f0
  $ hg commit -Am 0
  adding f0

Set up client repository

  $ cd ..
  $ hg clone ssh://user@dummy/server client -q
  $ cd client

Enable extension

  $ cat >> $HGRCPATH <<EOF
  > [extensions]
  > bundle2=$TESTTMP/bundle2.py
  > EOF

Without config

  $ cd ../client
  $ echo c1 > f1
  $ hg commit -Am 1
  adding f1
  $ hg push
  pushing to ssh://user@dummy/server
  searching for changes
  remote: adding changesets
  remote: adding manifests
  remote: adding file changes
  remote: added 1 changesets with 1 changes to 1 files
  remote: pushback not enabled
  $ hg bookmark
  no bookmarks set
  $ cd ../server
  $ hg tglog
  o  1 [public:2b9c7234e035]
  |
  @  0 [public:6cee5c8f3e5b]

With config

  $ cd ../client
  $ echo '[experimental]' >> .hg/hgrc
  $ echo 'bundle2.pushback = True' >> .hg/hgrc
  $ echo c2 > f2
  $ hg commit -Am 2
  adding f2
  $ hg push
  pushing to ssh://user@dummy/server
  searching for changes
  remote: adding changesets
  remote: adding manifests
  remote: adding file changes
  remote: added 1 changesets with 1 changes to 1 files
  $ hg bookmark
     new-server-mark           2:0a76dfb2e179
  $ cd ../server
  $ hg tglog
  o  2 [public:0a76dfb2e179]
  |
  o  1 [public:2b9c7234e035]
  |
  @  0 [public:6cee5c8f3e5b]