##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r31442:d3a56bb2 default
r32050:77eaf953 4.1.3 stable
Show More
test-check-module-imports.t
182 lines | 6.0 KiB | text/troff | Tads3Lexer
/ tests / test-check-module-imports.t
Pierre-Yves David
tests: rename 'test-module-import.t' into 'test-check-module-import.t'...
r28275 #require test-repo
timeless
tests: silence test-repo obsolete warning...
r29219 $ . "$TESTDIR/helpers-testrepo.sh"
Pierre-Yves David
tests: rename 'test-module-import.t' into 'test-check-module-import.t'...
r28275 $ import_checker="$TESTDIR"/../contrib/import-checker.py
Run the doctests from the import checker, and make sure
it's working correctly.
$ TERM=dumb
$ export TERM
$ python -m doctest $import_checker
Run additional tests for the import checker
$ mkdir testpackage
Yuya Nishihara
import-checker: fix test to make a real package...
r29206 $ touch testpackage/__init__.py
Pierre-Yves David
tests: rename 'test-module-import.t' into 'test-check-module-import.t'...
r28275
$ cat > testpackage/multiple.py << EOF
> from __future__ import absolute_import
> import os, sys
> EOF
$ cat > testpackage/unsorted.py << EOF
> from __future__ import absolute_import
> import sys
> import os
> EOF
$ cat > testpackage/stdafterlocal.py << EOF
> from __future__ import absolute_import
> from . import unsorted
> import os
> EOF
$ cat > testpackage/requirerelative.py << EOF
> from __future__ import absolute_import
> import testpackage.unsorted
> EOF
$ cat > testpackage/importalias.py << EOF
> from __future__ import absolute_import
> import ui
> EOF
$ cat > testpackage/relativestdlib.py << EOF
> from __future__ import absolute_import
> from .. import os
> EOF
$ cat > testpackage/symbolimport.py << EOF
> from __future__ import absolute_import
> from .unsorted import foo
> EOF
$ cat > testpackage/latesymbolimport.py << EOF
> from __future__ import absolute_import
> from . import unsorted
> from mercurial.node import hex
> EOF
$ cat > testpackage/multiplegroups.py << EOF
> from __future__ import absolute_import
> from . import unsorted
> from . import more
> EOF
$ mkdir testpackage/subpackage
$ cat > testpackage/subpackage/levelpriority.py << EOF
> from __future__ import absolute_import
> from . import foo
> from .. import parent
> EOF
$ touch testpackage/subpackage/foo.py
$ cat > testpackage/subpackage/__init__.py << EOF
> from __future__ import absolute_import
> from . import levelpriority # should not cause cycle
> EOF
$ cat > testpackage/subpackage/localimport.py << EOF
> from __future__ import absolute_import
> from . import foo
> def bar():
> # should not cause "higher-level import should come first"
> from .. import unsorted
> # but other errors should be detected
> from .. import more
> import testpackage.subpackage.levelpriority
> EOF
$ cat > testpackage/importmodulefromsub.py << EOF
> from __future__ import absolute_import
> from .subpackage import foo # not a "direct symbol import"
> EOF
$ cat > testpackage/importsymbolfromsub.py << EOF
> from __future__ import absolute_import
> from .subpackage import foo, nonmodule
> EOF
$ cat > testpackage/sortedentries.py << EOF
> from __future__ import absolute_import
> from . import (
> foo,
> bar,
> )
> EOF
$ cat > testpackage/importfromalias.py << EOF
> from __future__ import absolute_import
> from . import ui
> EOF
$ cat > testpackage/importfromrelative.py << EOF
> from __future__ import absolute_import
> from testpackage.unsorted import foo
> EOF
Yuya Nishihara
import-checker: extend check of symbol-import order to all local modules...
r29208 $ mkdir testpackage2
$ touch testpackage2/__init__.py
$ cat > testpackage2/latesymbolimport.py << EOF
> from __future__ import absolute_import
> from testpackage import unsorted
> from mercurial.node import hex
> EOF
$ python "$import_checker" testpackage*/*.py testpackage/subpackage/*.py
Pierre-Yves David
tests: rename 'test-module-import.t' into 'test-check-module-import.t'...
r28275 testpackage/importalias.py:2: ui module must be "as" aliased to uimod
testpackage/importfromalias.py:2: ui from testpackage must be "as" aliased to uimod
testpackage/importfromrelative.py:2: import should be relative: testpackage.unsorted
testpackage/importfromrelative.py:2: direct symbol import foo from testpackage.unsorted
testpackage/importsymbolfromsub.py:2: direct symbol import nonmodule from testpackage.subpackage
testpackage/latesymbolimport.py:3: symbol import follows non-symbol import: mercurial.node
testpackage/multiple.py:2: multiple imported names: os, sys
testpackage/multiplegroups.py:3: multiple "from . import" statements
testpackage/relativestdlib.py:2: relative import of stdlib module
testpackage/requirerelative.py:2: import should be relative: testpackage.unsorted
testpackage/sortedentries.py:2: imports from testpackage not lexically sorted: bar < foo
timeless
import-checker: report local with stdlib late warning...
r28330 testpackage/stdafterlocal.py:3: stdlib import "os" follows local import: testpackage
Pierre-Yves David
tests: rename 'test-module-import.t' into 'test-check-module-import.t'...
r28275 testpackage/subpackage/levelpriority.py:3: higher-level import should come first: testpackage
testpackage/subpackage/localimport.py:7: multiple "from .. import" statements
testpackage/subpackage/localimport.py:8: import should be relative: testpackage.subpackage.levelpriority
testpackage/symbolimport.py:2: direct symbol import foo from testpackage.unsorted
testpackage/unsorted.py:3: imports not lexically sorted: os < sys
Yuya Nishihara
import-checker: extend check of symbol-import order to all local modules...
r29208 testpackage2/latesymbolimport.py:3: symbol import follows non-symbol import: mercurial.node
Pierre-Yves David
tests: rename 'test-module-import.t' into 'test-check-module-import.t'...
r28275 [1]
$ cd "$TESTDIR"/..
There are a handful of cases here that require renaming a module so it
doesn't overlap with a stdlib module name. There are also some cycles
here that we should still endeavor to fix, and some cycles will be
hidden by deduplication algorithm in the cycle detector, so fixing
these may expose other cycles.
Yuya Nishihara
tests: enable import checker for tests/**.py files...
r28844 Known-bad files are excluded by -X as some of them would produce unstable
outputs, which should be fixed later.
Yuya Nishihara
tests: enable import checker for all python files (including no .py files)...
r29234 $ hg locate 'set:**.py or grep(r"^#!.*?python")' \
timeless
tests: run import-checker with tests .t files
r28923 > 'tests/**.t' \
Yuya Nishihara
tests: enable import checker for all **.py files...
r29212 > -X contrib/debugshell.py \
Gregory Szorc
zstd: vendor python-zstandard 0.5.0...
r30435 > -X contrib/python-zstandard/ \
Yuya Nishihara
tests: enable import checker for all **.py files...
r29212 > -X contrib/win32/hgwebdir_wsgi.py \
> -X doc/gendoc.py \
> -X doc/hgmanpage.py \
Yuya Nishihara
tests: enable import checker for all python files (including no .py files)...
r29234 > -X i18n/posplit \
Yuya Nishihara
tests: enable import checker for tests/**.py files...
r28844 > -X tests/test-hgweb-auth.py \
> -X tests/hypothesishelpers.py \
> -X tests/test-ctxmanager.py \
> -X tests/test-lock.py \
> -X tests/test-verify-repo-operations.py \
timeless
tests: run import-checker with tests .t files
r28923 > -X tests/test-hook.t \
> -X tests/test-import.t \
> -X tests/test-check-module-imports.t \
> -X tests/test-commit-interactive.t \
> -X tests/test-contrib-check-code.t \
> -X tests/test-extension.t \
> -X tests/test-hghave.t \
> -X tests/test-hgweb-no-path-info.t \
> -X tests/test-hgweb-no-request-uri.t \
> -X tests/test-hgweb-non-interactive.t \
Yuya Nishihara
tests: enable import checker for tests/**.py files...
r28844 > | sed 's-\\-/-g' | python "$import_checker" -