dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
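
A gatekeeper for the SSH forced-command case the commit message describes, as an added example (not Mercurial's or hg-ssh's own code): it accepts only the exact shape `hg -R REPO serve --stdio`, refuses any repository argument that begins with `-`, and checks an allowlist. The function names, the `/srv/hg` base directory and the sample commands are constructed for illustration.

```python
import os
import shlex


class Rejected(Exception):
    """Raised when the requested SSH command must not be run."""


def validate_ssh_command(original_command, allowed_repos, base_dir):
    """Return the absolute repo path for an acceptable
    'hg -R REPO serve --stdio' request, else raise Rejected."""
    try:
        argv = shlex.split(original_command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise Rejected("unparseable command: %s" % exc)

    # Exact shape only: nothing may precede or follow the expected words.
    if len(argv) != 5 or argv[:2] != ["hg", "-R"] or argv[3:] != ["serve", "--stdio"]:
        raise Rejected("only 'hg -R REPO serve --stdio' is permitted")

    repo = argv[2]
    # The repo slot must never look like an option ('--debugger', '--config...').
    if repo.startswith("-"):
        raise Rejected("repository name looks like an option: %r" % repo)

    # Resolve against base_dir (assumed absolute) and compare with the allowlist.
    # The returned value is absolute, so it can never begin with '-'.
    path = os.path.normpath(os.path.join(base_dir, repo))
    allowed = {os.path.normpath(os.path.join(base_dir, r)) for r in allowed_repos}
    if path not in allowed:
        raise Rejected("repository not permitted: %r" % repo)
    return path


# Constructed sample requests, as they would arrive in SSH_ORIGINAL_COMMAND.
SAMPLE_COMMANDS = [
    "hg -R projects/app serve --stdio",
    "hg -R --debugger serve --stdio",
    "hg -R --config=a.b=c serve --stdio",
    "hg -R projects/app serve --stdio --debugger",
    "hg -R ../private serve --stdio",
    "hg -R 'unterminated serve --stdio",
]


def audit(commands, allowed_repos=("projects/app",), base_dir="/srv/hg"):
    """Return one bool per command: True if it would be allowed to run."""
    results = []
    for cmd in commands:
        try:
            validate_ssh_command(cmd, allowed_repos, base_dir)
            results.append(True)
        except Rejected:
            results.append(False)
    return results
```
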

File last commit:

r30843:2fb3ae89 stable
r32050:77eaf953 4.1.3 stable
test-contrib-check-commit.t
139 lines | 5.1 KiB | text/troff | Tads3Lexer
/ tests / test-contrib-check-commit.t
Pierre-Yves David
check-commit: add a test for the patch checking script in contrib...
r27328 Test the 'check-commit' script
==============================
Matt Mackall
tests: extend check-commit self-tests...
r27700 A fine patch:
$ cat > patch-with-long-header.diff << EOF
> # HG changeset patch
> # User timeless <timeless@mozdev.org>
> # Date 1448911706 0
> # Mon Nov 30 19:28:26 2015 +0000
> # Node ID c41cb6d2b7dbd62b1033727f8606b8c09fc4aa88
> # Parent 42aa0e570eaa364a622bc4443b0bcb79b1100a58
> # ClownJoke This is a veryly long header that should not be warned about because its not the description
> bundle2: use Oxford comma (issue123) (BC)
>
> diff --git a/hgext/transplant.py b/hgext/transplant.py
> --- a/hgext/transplant.py
> +++ b/hgext/transplant.py
> @@ -599,7 +599,7 @@
> return
> if not (opts.get('source') or revs or
> opts.get('merge') or opts.get('branch')):
> - raise error.Abort(_('no source URL, branch revision or revision '
> + raise error.Abort(_('no source URL, branch revision, or revision '
> 'list provided'))
> if opts.get('all'):
>
> + def blahblah(x):
> + pass
> EOF
$ cat patch-with-long-header.diff | $TESTDIR/../contrib/check-commit
Augie Fackler
contrib: fix check-commit to not reject commits from `hg sign` and `hg tag`...
r30843 This would normally be against the rules, but it's okay because that's
what tagging and signing looks like:
$ cat > creates-a-tag.diff << EOF
> # HG changeset patch
> # User Augie Fackler <raf@durin42.com>
> # Date 1484787778 18000
> # Wed Jan 18 20:02:58 2017 -0500
> # Branch stable
> # Node ID c177635e4acf52923bc3aa9f72a5b1ad1197b173
> # Parent a1dd2c0c479e0550040542e392e87bc91262517e
> Added tag 4.1-rc for changeset a1dd2c0c479e
>
> diff --git a/.hgtags b/.hgtags
> --- a/.hgtags
> +++ b/.hgtags
> @@ -150,3 +150,4 @@ 438173c415874f6ac653efc1099dec9c9150e90f
> eab27446995210c334c3d06f1a659e3b9b5da769 4.0
> b3b1ae98f6a0e14c1e1ba806a6c18e193b6dae5c 4.0.1
> e69874dc1f4e142746ff3df91e678a09c6fc208c 4.0.2
> +a1dd2c0c479e0550040542e392e87bc91262517e 4.1-rc
> EOF
$ $TESTDIR/../contrib/check-commit < creates-a-tag.diff
A patch with lots of errors:
$ cat > patch-with-long-header.diff << EOF
> # HG changeset patch
> # User timeless
> # Date 1448911706 0
> # Mon Nov 30 19:28:26 2015 +0000
> # Node ID c41cb6d2b7dbd62b1033727f8606b8c09fc4aa88
> # Parent 42aa0e570eaa364a622bc4443b0bcb79b1100a58
> # ClownJoke This is a veryly long header that should not be warned about because its not the description
> transplant/foo: this summary is way too long use Oxford comma (bc) (bug123) (issue 244)
>
> diff --git a/hgext/transplant.py b/hgext/transplant.py
> --- a/hgext/transplant.py
> +++ b/hgext/transplant.py
> @@ -599,7 +599,7 @@
> return
> if not (opts.get('source') or revs or
> opts.get('merge') or opts.get('branch')):
> - raise error.Abort(_('no source URL, branch revision or revision '
> + raise error.Abort(_('no source URL, branch revision, or revision '
> 'list provided'))
> if opts.get('all'):
> EOF
$ cat patch-with-long-header.diff | $TESTDIR/../contrib/check-commit
timeless
check-commit: sort errors by line number
r27783 1: username is not an email address
# User timeless
7: summary keyword should be most user-relevant one-word command or topic
transplant/foo: this summary is way too long use Oxford comma (bc) (bug123) (issue 244)
7: (BC) needs to be uppercase
transplant/foo: this summary is way too long use Oxford comma (bc) (bug123) (issue 244)
7: use (issueDDDD) instead of bug
transplant/foo: this summary is way too long use Oxford comma (bc) (bug123) (issue 244)
7: no space allowed between issue and number
transplant/foo: this summary is way too long use Oxford comma (bc) (bug123) (issue 244)
7: summary line too long (limit is 78)
transplant/foo: this summary is way too long use Oxford comma (bc) (bug123) (issue 244)
[1]
A patch with other errors:
$ cat > patch-with-long-header.diff << EOF
> # HG changeset patch
> # User timeless
> # Date 1448911706 0
> # Mon Nov 30 19:28:26 2015 +0000
> # Node ID c41cb6d2b7dbd62b1033727f8606b8c09fc4aa88
> # Parent 42aa0e570eaa364a622bc4443b0bcb79b1100a58
> # ClownJoke This is a veryly long header that should not be warned about because its not the description
> This has no topic and ends with a period.
>
> diff --git a/hgext/transplant.py b/hgext/transplant.py
> --- a/hgext/transplant.py
> +++ b/hgext/transplant.py
> @@ -599,7 +599,7 @@
> if opts.get('all'):
>
Matt Mackall
check-commit: check for double-addition of blank lines...
r28013 >
> +
> + some = otherjunk
> +
Matt Mackall
tests: extend check-commit self-tests...
r27700 > +
> + def blah_blah(x):
> + pass
> +
>
> EOF
$ cat patch-with-long-header.diff | $TESTDIR/../contrib/check-commit
1: username is not an email address
# User timeless
7: don't capitalize summary lines
This has no topic and ends with a period.
7: summary line doesn't start with 'topic: '
This has no topic and ends with a period.
7: don't add trailing period on summary line
This has no topic and ends with a period.
19: adds double empty line
+
20: adds a function with foo_bar naming
+ def blah_blah(x):
23: adds double empty line
+
[1]