dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via the --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig().

If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
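The commit message above asks hosting wrappers to refuse repository names such as '--debugger' and anything starting with '--config', and to stop smuggling hook configuration through --config. The following is an added example of such a gatekeeper for an SSH forced command; it is not the code of hg-ssh or of Mercurial's dispatch module. It assumes the operator supplies an allowlist of repository paths (a hypothetical input; hg-ssh reads its allowed paths from its own command line) and uses a constructed hook name as a placeholder for whatever read-only hook the wrapper would install via ui.setconfig() inside the server process.

```python
import os
import shlex


class RejectedCommand(Exception):
    """Raised when SSH_ORIGINAL_COMMAND is not an acceptable serve request."""


def repo_name_is_safe(name):
    """Return True only if `name` can never be taken for an hg option.

    The commit message names '--debugger' and '--config...' specifically;
    rejecting every name that starts with '-' is deliberately broader, since
    any such name could be re-parsed as a global option once it reaches
    dispatch.
    """
    if not name or name.startswith('-'):
        return False
    return '--debugger' not in name and '--config' not in name


def validate_serve_command(ssh_original_command, allowed_repos):
    """Parse SSH_ORIGINAL_COMMAND and return the repository path to serve.

    `allowed_repos` is the operator's allowlist (assumed input). Anything that
    deviates from the single permitted shape 'hg -R <repo> serve --stdio'
    raises RejectedCommand.
    """
    try:
        argv = shlex.split(ssh_original_command)
    except ValueError as e:
        raise RejectedCommand('unparsable command: %s' % e)
    # Exactly five words in exactly this shape: no extra options anywhere,
    # so a trailing '--debugger' or '--config' cannot be appended.
    if (len(argv) != 5 or argv[:2] != ['hg', '-R']
            or argv[3:] != ['serve', '--stdio']):
        raise RejectedCommand('not an hg serve --stdio request')
    repo = argv[2]
    # The shape check alone still lets 'hg -R --debugger serve --stdio'
    # through; this is the check the commit message says wrappers need.
    if not repo_name_is_safe(repo):
        raise RejectedCommand('repository name looks like an option: %r' % repo)
    if repo not in allowed_repos:
        raise RejectedCommand('repository not in allowlist: %r' % repo)
    return repo


def build_serve_argv(repo, read_only):
    """Build argv for the server process plus the config to apply in-process.

    Hook configuration is intentionally not passed as --config (the hardened
    dispatch bans it). The returned config dict is what a wrapper would hand
    to ui.setconfig() inside the server, or write to an hgrc Mercurial reads;
    argv itself stays in the exact permitted shape.
    """
    argv = ['hg', '-R', repo, 'serve', '--stdio']
    config = {}
    if read_only:
        # Constructed placeholder hook name and value; the real hg-ssh hook
        # identifiers are not given on this page.
        config[('hooks', 'pretxnopen.readonly')] = 'python:__main__.rejectpush'
    return argv, config


if __name__ == '__main__':
    # Constructed sample: the command an hg client sends when cloning over ssh.
    allowed = {'projects/repo1'}
    cmd = os.environ.get('SSH_ORIGINAL_COMMAND',
                         "hg -R 'projects/repo1' serve --stdio")
    try:
        path = validate_serve_command(cmd, allowed)
        print('would serve', path, 'with', build_serve_argv(path, True))
    except RejectedCommand as e:
        print('rejected:', e)
```

The shape check mirrors the kind of exact-argv comparison a forced-command wrapper can do before it ever invokes hg; the name check is the extra step that closes the '--debugger' hole on hosts whose Mercurial has not yet been upgraded to the hardened dispatch.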

File last commit:

r31008:636cf3f7 default
r32050:77eaf953 4.1.3 stable
test-hgweb-raw.t
58 lines | 1.9 KiB | text/troff | Tads3Lexer
Annotated revisions (blame):
r12441 Matt Mackall: tests: unify test-hgweb-raw
r15004 Matt Mackall: hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923)...
r15446 Mads Kiilerich: tests: use 'hghave serve' to guard tests that require serve daemon management
r16298 Matt Mackall: tests: fix shutdown race in test-hgweb-raw
r16913 Mads Kiilerich: tests: add missing trailing 'cd ..'...
r16973 Mads Kiilerich: tests: use a different evil name in test-hgweb-raw.t...
r22046 Matt Mackall: tests: replace exit 80 with #require
r25472 Matt Mackall: tests: drop explicit $TESTDIR from executables...

#require serve

Test raw style of hgweb

  $ hg init test
  $ cd test
  $ mkdir sub
  $ cat >'sub/some text%.txt' <<ENDSOME
  > This is just some random text
  > that will go inside the file and take a few lines.
  > It is very boring to read, but computers don't
  > care about things like that.
  > ENDSOME
  $ hg add 'sub/some text%.txt'
  $ hg commit -d "1 0" -m "Just some text"
  $ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid
  $ cat hg.pid >> $DAEMON_PIDS
  $ (get-with-headers.py localhost:$HGPORT '?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw' content-type content-length content-disposition) >getoutput.txt

  $ killdaemons.py hg.pid

  $ cat getoutput.txt
  200 Script output follows
  content-type: application/binary
  content-length: 157
  content-disposition: inline; filename="some text%.txt"

  This is just some random text
  that will go inside the file and take a few lines.
  It is very boring to read, but computers don't
  care about things like that.
  $ cat access.log error.log
  127.0.0.1 - - [*] "GET /?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw HTTP/1.1" 200 - (glob)

  $ rm access.log error.log
  $ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid \
  > --config web.guessmime=True
  $ cat hg.pid >> $DAEMON_PIDS
  $ (get-with-headers.py localhost:$HGPORT '?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw' content-type content-length content-disposition) >getoutput.txt
  $ killdaemons.py hg.pid

  $ cat getoutput.txt
  200 Script output follows
  content-type: text/plain; charset="ascii"
  content-length: 157
  content-disposition: inline; filename="some text%.txt"

  This is just some random text
  that will go inside the file and take a few lines.
  It is very boring to read, but computers don't
  care about things like that.
  $ cat access.log error.log
  127.0.0.1 - - [*] "GET /?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw HTTP/1.1" 200 - (glob)

  $ cd ..