upstream/mercurial-mirror Files · tests/test-trusted.py.out

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...

dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

Martijn Pieters - - Load All Authors

File last commit:

r31472:75e4bae5 default


                r32050:77eaf953

4.1.3 stable

Download file

             test-trusted.py.out
        
                    179 lines
            
             | 4.1 KiB
            
                | text/plain
            
             |
                TextLexer

/ tests / test-trusted.py.out

History | Source | Raw |Copy content |Copy permalink

Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	# same user, same group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# same user, different group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# different user, same group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group bar
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# different user, same group, but we trust the group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# different user, different group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group def
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# different user, different group, but we trust the user
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# different user, different group, but we trust the group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# different user, different group, but we trust the user and the group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# we trust all users
		# different user, different group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# we trust all groups
		# different user, different group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# we trust all users and groups
		# different user, different group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# we don't get confused by users and groups with the same name
		# different user, different group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group def
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# list of user names
		# different user, different group, but we trust the user
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# list of group names
		# different user, different group, but we trust the group
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
		local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
		# Can't figure out the name of the user running this process
		# different user, different group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group def
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551	global = /some/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	untrusted
		. . global = /some/path
		. . local = /another/path
Alexis S. L. Carvalho Only read .hg/hgrc files from trusted users/groups...	r3551
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	# prints debug warnings
		# different user, different group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group def
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted
Matt Mackall ui: report_untrusted fixes...	r8204	ignoring untrusted configuration option paths.local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	global = /some/path
		untrusted
		. . global = /some/path
Pulkit Goyal tests: make test-trusted use print_function...	r28934	. ignoring untrusted configuration option paths.local = /another/path
Matt Mackall ui: report_untrusted fixes...	r8204	. local = /another/path
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552
Ry4an Brase ui: always report untrusted hgrc files when debug enabled...	r13493	# report_untrusted enabled without debug hides warnings
		# different user, different group
		trusted
		global = /some/path
		untrusted
		. . global = /some/path
		. . local = /another/path

		# report_untrusted enabled with debug shows warnings
		# different user, different group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group def
Ry4an Brase ui: always report untrusted hgrc files when debug enabled...	r13493	trusted
		ignoring untrusted configuration option paths.local = /another/path
		global = /some/path
		untrusted
		. . global = /some/path
Pulkit Goyal tests: make test-trusted use print_function...	r28934	. ignoring untrusted configuration option paths.local = /another/path
Ry4an Brase ui: always report untrusted hgrc files when debug enabled...	r13493	. local = /another/path

Matt Mackall ui: fold readsections into readconfig...	r8142	# ui.readconfig sections
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	quux

		# read trusted, untrusted, new ui, trusted
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file foobar from untrusted user abc, group def
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	trusted:
Matt Mackall ui: report_untrusted fixes...	r8204	ignoring untrusted configuration option foobar.baz = quux
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	None
		untrusted:
		quux

		# error handling
		# file doesn't exist
		# same user, same group
		# different user, different group

		# parse error
		# different user, different group
Martin Geisler ui: lowercase "not trusting file" warning message	r16939	not trusting file .hg/hgrc from untrusted user abc, group def
Matt Mackall error: update test-trusted.py	r11291	('foo', '.hg/hgrc:1')
Alexis S. L. Carvalho save settings from untrusted config files in a separate configparser...	r3552	# same user, same group
Matt Mackall error: update test-trusted.py	r11291	('foo', '.hg/hgrc:1')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages