##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r29968:0342bf29 default
r32050:77eaf953 4.1.3 stable
Show More
test-mq-safety.t
215 lines | 4.8 KiB | text/troff | Tads3Lexer
Nicolas Dumazet
tests: unify test-mq-safety
r11898 $ echo '[extensions]' >> $HGRCPATH
Pierre-Yves David
mq: prevent rewriting operation on public changeset...
r16048 $ echo 'hgext.mq =' >> $HGRCPATH
Nicolas Dumazet
tests: unify test-mq-safety
r11898
$ hg init repo
$ cd repo
$ echo foo > foo
$ hg ci -qAm 'add a file'
$ hg qinit
$ hg qnew foo
$ echo foo >> foo
$ hg qrefresh -m 'append foo'
$ hg qnew bar
$ echo bar >> foo
$ hg qrefresh -m 'append bar'
Pierre-Yves David
mq: prevent rewriting operation on public changeset...
r16048 Try to operate on public mq changeset
$ hg qpop
popping bar
now at: foo
$ hg phase --public qbase
$ echo babar >> foo
$ hg qref
timeless@mozdev.org
mq: consistently use qrefresh
r26780 abort: cannot qrefresh public revision
timeless
mq: use single quotes in use warning
r29968 (see 'hg help phases' for details)
Pierre-Yves David
mq: prevent rewriting operation on public changeset...
r16048 [255]
$ hg revert -a
reverting foo
$ hg qpop
Jordi Gutiérrez Hermoso
phases: rewrite "immutable changeset" to "public changeset"...
r25411 abort: popping would remove a public revision
timeless
mq: use single quotes in use warning
r29968 (see 'hg help phases' for details)
Pierre-Yves David
mq: prevent rewriting operation on public changeset...
r16048 [255]
$ hg qfold bar
timeless@mozdev.org
mq: consistently use qrefresh
r26780 abort: cannot qrefresh public revision
timeless
mq: use single quotes in use warning
r29968 (see 'hg help phases' for details)
Pierre-Yves David
mq: prevent rewriting operation on public changeset...
r16048 [255]
$ hg revert -a
reverting foo
restore state for remaining test
$ hg qpush
applying bar
now at: bar
Nicolas Dumazet
tests: unify test-mq-safety
r11898
try to commit on top of a patch
$ echo quux >> foo
$ hg ci -m 'append quux'
abort: cannot commit over an applied mq patch
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Nicolas Dumazet
tests: unify test-mq-safety
r11898
cheat a bit...
$ mv .hg/patches .hg/patches2
$ hg ci -m 'append quux'
$ mv .hg/patches2 .hg/patches
qpop/qrefresh on the wrong revision
$ hg qpop
abort: popping would remove a revision not managed by this patch queue
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Nicolas Dumazet
tests: mq-safety: use regular expression instead of sed
r12108 $ hg qpop -n patches
Mads Kiilerich
tests: make (glob) on windows accept \ instead of /...
r15447 using patch queue: $TESTTMP/repo/.hg/patches (glob)
Nicolas Dumazet
tests: unify test-mq-safety
r11898 abort: popping would remove a revision not managed by this patch queue
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Nicolas Dumazet
tests: unify test-mq-safety
r11898 $ hg qrefresh
abort: working directory revision is not qtip
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Nicolas Dumazet
tests: unify test-mq-safety
r11898
$ hg up -C qtip
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ hg qpop
abort: popping would remove a revision not managed by this patch queue
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Nicolas Dumazet
tests: unify test-mq-safety
r11898 $ hg qrefresh
timeless@mozdev.org
mq: consistently use qrefresh
r26780 abort: cannot qrefresh a revision with children
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Nicolas Dumazet
tests: unify test-mq-safety
r11898 $ hg tip --template '{rev} {desc}\n'
3 append quux
qpush warning branchheads
$ cd ..
$ hg init branchy
$ cd branchy
$ echo q > q
$ hg add q
$ hg qnew -f qp
$ hg qpop
popping qp
patch queue now empty
$ echo a > a
$ hg ci -Ama
adding a
$ hg up null
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg branch b
marked working directory as branch b
Matt Mackall
branch: warn on branching
r15615 (branches are permanent and global, did you want a bookmark?)
Nicolas Dumazet
tests: unify test-mq-safety
r11898 $ echo c > c
$ hg ci -Amc
adding c
$ hg merge default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
(branch merge, don't forget to commit)
$ hg ci -mmerge
$ hg up default
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg log
changeset: 2:65309210bf4e
branch: b
tag: tip
parent: 1:707adb4c8ae1
parent: 0:cb9a9f314b8b
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: merge
changeset: 1:707adb4c8ae1
branch: b
parent: -1:000000000000
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: c
changeset: 0:cb9a9f314b8b
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: a
$ hg qpush
applying qp
now at: qp
Matt Mackall
merge with stable
r12380
Testing applied patches, push and --force
$ cd ..
$ hg init forcepush
$ cd forcepush
$ echo a > a
$ hg ci -Am adda
adding a
$ echo a >> a
$ hg ci -m changea
$ hg up 0
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ hg branch branch
marked working directory as branch branch
Matt Mackall
branch: warn on branching
r15615 (branches are permanent and global, did you want a bookmark?)
Matt Mackall
merge with stable
r12380 $ echo b > b
$ hg ci -Am addb
adding b
$ hg up 0
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg --cwd .. clone -r 0 forcepush forcepush2
adding changesets
adding manifests
adding file changes
added 1 changesets with 1 changes to 1 files
updating to branch default
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ echo a >> a
$ hg qnew patch
Pushing applied patch with --rev without --force
Pierre-Yves David
mq-safety: don't apply safety on non-outgoing changeset...
r15952 $ hg push -r . ../forcepush2
Matt Mackall
merge with stable
r12380 pushing to ../forcepush2
abort: source has mq patches applied
[255]
Pushing applied patch with branchhash, without --force
$ hg push ../forcepush2#default
pushing to ../forcepush2
abort: source has mq patches applied
[255]
Pushing revs excluding applied patch
Matt Harbison
tests: convert a push test to use revsets
r17199 $ hg push --new-branch -r 'branch(branch)' -r 2 ../forcepush2
Matt Mackall
merge with stable
r12380 pushing to ../forcepush2
searching for changes
adding changesets
adding manifests
adding file changes
added 1 changesets with 1 changes to 1 files
Pushing applied patch with --force
Pierre-Yves David
mq-safety: don't apply safety on non-outgoing changeset...
r15952 $ hg phase --force --secret 'mq()'
Matt Mackall
merge with stable
r12380 $ hg push --force -r default ../forcepush2
pushing to ../forcepush2
searching for changes
Matt Mackall
scmutil: unify some 'no changes found' messages...
r15993 no changes found (ignored 1 secret changesets)
Matt Mackall
push: return 1 if no changes found (issue3228)...
r16023 [1]
Pierre-Yves David
mq-safety: don't apply safety on non-outgoing changeset...
r15952 $ hg phase --draft 'mq()'
Pierre-Yves David
mq: have mq create secret changeset only
r15926 $ hg push --force -r default ../forcepush2
pushing to ../forcepush2
searching for changes
Matt Mackall
merge with stable
r12380 adding changesets
adding manifests
adding file changes
added 1 changesets with 1 changes to 1 files (+1 heads)
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913
$ cd ..