##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r30559:d83ca854 default
r32050:77eaf953 4.1.3 stable
Show More
test-commit-multiple.t
131 lines | 3.5 KiB | text/troff | Tads3Lexer
/ tests / test-commit-multiple.t
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 # reproduce issue2264, issue2516
create test repo
$ cat <<EOF >> $HGRCPATH
> [extensions]
> transplant =
> EOF
$ hg init repo
$ cd repo
$ template="{rev} {desc|firstline} [{branch}]\n"
# we need to start out with two changesets on the default branch
# in order to avoid the cute little optimization where transplant
# pulls rather than transplants
add initial changesets
$ echo feature1 > file1
$ hg ci -Am"feature 1"
adding file1
$ echo feature2 >> file2
$ hg ci -Am"feature 2"
adding file2
# The changes to 'bugfix' are enough to show the bug: in fact, with only
# those changes, it's a very noisy crash ("RuntimeError: nothing
# committed after transplant"). But if we modify a second file in the
# transplanted changesets, the bug is much more subtle: transplant
# silently drops the second change to 'bugfix' on the floor, and we only
# see it when we run 'hg status' after transplanting. Subtle data loss
# bugs are worse than crashes, so reproduce the subtle case here.
commit bug fixes on bug fix branch
$ hg branch fixes
marked working directory as branch fixes
Matt Mackall
branch: warn on branching
r15615 (branches are permanent and global, did you want a bookmark?)
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 $ echo fix1 > bugfix
$ echo fix1 >> file1
$ hg ci -Am"fix 1"
adding bugfix
$ echo fix2 > bugfix
$ echo fix2 >> file1
$ hg ci -Am"fix 2"
Martin Geisler
tests: don't load unnecessary graphlog extension...
r20117 $ hg log -G --template="$template"
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 @ 3 fix 2 [fixes]
|
o 2 fix 1 [fixes]
|
o 1 feature 2 [default]
|
o 0 feature 1 [default]
transplant bug fixes onto release branch
$ hg update 0
1 files updated, 0 files merged, 2 files removed, 0 files unresolved
$ hg branch release
marked working directory as branch release
$ hg transplant 2 3
applying [0-9a-f]{12} (re)
[0-9a-f]{12} transplanted to [0-9a-f]{12} (re)
applying [0-9a-f]{12} (re)
[0-9a-f]{12} transplanted to [0-9a-f]{12} (re)
Martin Geisler
tests: don't load unnecessary graphlog extension...
r20117 $ hg log -G --template="$template"
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 @ 5 fix 2 [release]
|
o 4 fix 1 [release]
|
| o 3 fix 2 [fixes]
| |
| o 2 fix 1 [fixes]
| |
| o 1 feature 2 [default]
|/
o 0 feature 1 [default]
$ hg status
$ hg status --rev 0:4
M file1
A bugfix
$ hg status --rev 4:5
M bugfix
M file1
now test that we fixed the bug for all scripts/extensions
$ cat > $TESTTMP/committwice.py <<__EOF__
> from mercurial import ui, hg, match, node
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > from time import sleep
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 >
> def replacebyte(fn, b):
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > f = open(fn, "rb+")
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > f.seek(0, 0)
> f.write(b)
> f.close()
>
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > def printfiles(repo, rev):
> print "revision %s files: %s" % (rev, repo[rev].files())
>
Yuya Nishihara
ui: factor out ui.load() to create a ui without loading configs (API)...
r30559 > repo = hg.repository(ui.ui.load(), '.')
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > assert len(repo) == 6, \
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > "initial: len(repo): %d, expected: 6" % len(repo)
>
> replacebyte("bugfix", "u")
> sleep(2)
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > try:
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > print "PRE: len(repo): %d" % len(repo)
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > wlock = repo.wlock()
> lock = repo.lock()
> replacebyte("file1", "x")
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > repo.commit(text="x", user="test", date=(0, 0))
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > replacebyte("file1", "y")
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > repo.commit(text="y", user="test", date=(0, 0))
> print "POST: len(repo): %d" % len(repo)
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > finally:
> lock.release()
> wlock.release()
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 > printfiles(repo, 6)
> printfiles(repo, 7)
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 > __EOF__
$ $PYTHON $TESTTMP/committwice.py
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 PRE: len(repo): 6
POST: len(repo): 8
revision 6 files: ['bugfix', 'file1']
revision 7 files: ['file1']
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704
Do a size-preserving modification outside of that process
$ echo abcd > bugfix
$ hg status
M bugfix
$ hg log --template "{rev} {desc} {files}\n" -r5:
5 fix 2 bugfix file1
Adrian Buehlmann
test-commit-multiple.t: improve committwice.py...
r13749 6 x bugfix file1
Greg Ward
dirstate: avoid a race with multiple commits in the same process...
r13704 7 y file1
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913
$ cd ..