##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r29883:0c8c388c default
r32050:77eaf953 4.1.3 stable
Show More
test-lock-badness.t
78 lines | 2.0 KiB | text/troff | Tads3Lexer
/ tests / test-lock-badness.t
Matt Mackall
tests: change some #ifs to #requires
r22047 #require unix-permissions no-root no-windows
Mads Kiilerich
localrepo: give a sigh of relief when getting lock after waiting for it...
r20380
Prepare
Adrian Buehlmann
tests: unify test-lock-badness
r12071 $ hg init a
$ echo a > a/a
$ hg -R a ci -A -m a
adding a
$ hg clone a b
updating to branch default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
Siddharth Agarwal
lock: while releasing, unlink lockfile even if the release function throws...
r23032 Test that raising an exception in the release function doesn't cause the lock to choke
$ cat > testlock.py << EOF
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 > from mercurial import cmdutil, error, error
Siddharth Agarwal
lock: while releasing, unlink lockfile even if the release function throws...
r23032 >
> cmdtable = {}
> command = cmdutil.command(cmdtable)
>
> def acquiretestlock(repo, releaseexc):
> def unlock():
> if releaseexc:
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 > raise error.Abort('expected release exception')
Siddharth Agarwal
lock: while releasing, unlink lockfile even if the release function throws...
r23032 > l = repo._lock(repo.vfs, 'testlock', False, unlock, None, 'test lock')
> return l
>
> @command('testlockexc')
> def testlockexc(ui, repo):
> testlock = acquiretestlock(repo, True)
> try:
> testlock.release()
> finally:
> try:
> testlock = acquiretestlock(repo, False)
> except error.LockHeld:
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 > raise error.Abort('lockfile on disk even after releasing!')
Siddharth Agarwal
lock: while releasing, unlink lockfile even if the release function throws...
r23032 > testlock.release()
> EOF
$ cat >> $HGRCPATH << EOF
> [extensions]
> testlock=$TESTTMP/testlock.py
> EOF
$ hg -R b testlockexc
abort: expected release exception
[255]
Mads Kiilerich
localrepo: give a sigh of relief when getting lock after waiting for it...
r20380 One process waiting for another
$ cat > hooks.py << EOF
> import time
> def sleepone(**x): time.sleep(1)
> def sleephalf(**x): time.sleep(0.5)
> EOF
Adrian Buehlmann
tests: unify test-lock-badness
r12071 $ echo b > b/b
Mads Kiilerich
localrepo: give a sigh of relief when getting lock after waiting for it...
r20380 $ hg -R b ci -A -m b --config hooks.precommit="python:`pwd`/hooks.py:sleepone" > stdout &
timeless
tests: test-lock-badness.t message could come later...
r29008 $ hg -R b up -q --config hooks.pre-update="python:`pwd`/hooks.py:sleephalf" \
> > preup 2>&1
$ wait
$ cat preup
Mark Ignacio
lock: show more detail for new-style locks in lock waiting message (issue4752)...
r29883 waiting for lock on working directory of b held by process '*' on host '*' (glob)
timeless
tests: test-lock-badness.t message could come later...
r29008 got lock after * seconds (glob)
Mads Kiilerich
localrepo: give a sigh of relief when getting lock after waiting for it...
r20380 $ cat stdout
Adrian Buehlmann
tests: unify test-lock-badness
r12071 adding b
Mads Kiilerich
localrepo: give a sigh of relief when getting lock after waiting for it...
r20380 Pushing to a local read-only repo that can't be locked
Adrian Buehlmann
tests: unify test-lock-badness
r12071 $ chmod 100 a/.hg/store
$ hg -R b push a
pushing to a
Pierre-Yves David
localrepo: add unbundle support...
r20969 searching for changes
Adrian Buehlmann
tests: unify test-lock-badness
r12071 abort: could not lock repository a: Permission denied
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Adrian Buehlmann
tests: unify test-lock-badness
r12071
$ chmod 700 a/.hg/store