##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r28861:86db5cb5 default
r32050:77eaf953 4.1.3 stable
Show More
test-wireproto.py
61 lines | 1.4 KiB | text/x-python | PythonLexer
/ tests / test-wireproto.py
Pulkit Goyal
py3: make test-wireproto use print_function
r28675 from __future__ import absolute_import, print_function
Gregory Szorc
tests: use absolulte_import in test-wireproto.py
r27301
timeless
py3: use multi-line import in test-wireproto.py...
r28860 from mercurial import (
timeless
pycompat: switch to util.stringio for py3 compat
r28861 util,
timeless
py3: use multi-line import in test-wireproto.py...
r28860 wireproto,
)
timeless
pycompat: switch to util.stringio for py3 compat
r28861 stringio = util.stringio
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765
class proto(object):
def __init__(self, args):
self.args = args
def getargs(self, spec):
args = self.args
args.setdefault('*', {})
names = spec.split()
return [args[n] for n in names]
Peter Arrenbrecht
peer: introduce real peer classes...
r17192 class clientpeer(wireproto.wirepeer):
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 def __init__(self, serverrepo):
self.serverrepo = serverrepo
Augie Fackler
batching: migrate basic noop batching into peer.peer...
r25912
def _capabilities(self):
return ['batch']
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 def _call(self, cmd, **args):
return wireproto.dispatch(self.serverrepo, proto(args), cmd)
Augie Fackler
wireproto: make iterbatcher behave streamily over http(s)...
r28438 def _callstream(self, cmd, **args):
timeless
pycompat: switch to util.stringio for py3 compat
r28861 return stringio(self._call(cmd, **args))
Augie Fackler
wireproto: make iterbatcher behave streamily over http(s)...
r28438
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 @wireproto.batchable
def greet(self, name):
f = wireproto.future()
Augie Fackler
test-wireproto: move from dict() construction to {} literals...
r20686 yield {'name': mangle(name)}, f
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 yield unmangle(f.value)
class serverrepo(object):
def greet(self, name):
return "Hello, " + name
Pierre-Yves David
clfilter: make localpeer use a repo with "unserved" filter...
r18278 def filtered(self, name):
return self
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 def mangle(s):
return ''.join(chr(ord(c) + 1) for c in s)
def unmangle(s):
return ''.join(chr(ord(c) - 1) for c in s)
def greet(repo, proto, name):
return mangle(repo.greet(unmangle(name)))
wireproto.commands['greet'] = (greet, 'name',)
srv = serverrepo()
Peter Arrenbrecht
peer: introduce real peer classes...
r17192 clt = clientpeer(srv)
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765
Pulkit Goyal
py3: make test-wireproto use print_function
r28675 print(clt.greet("Foobar"))
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 b = clt.batch()
Augie Fackler
wireproto: correctly escape batched args and responses (issue4739)...
r25708 fs = [b.greet(s) for s in ["Fo, =;:<o", "Bar"]]
Thomas Arendsen Hein
test-wireprotocol.py: rename to test-wireproto.py for consistency...
r14765 b.submit()
Pulkit Goyal
py3: make test-wireproto use print_function
r28675 print([f.value for f in fs])