server: ensure the incoming request falls under the prefix value

Prior to this, the first test asserted in wsgiref.validate.check_environ() saying PATH didn't start with '/', but the second test served up the repo. The assertion was just added in this cycle (though the value of PATH is still wrong without the assertion).

Allowing access to the repo at any URL outside of the prefix is a long standing bug. This also affected hgwebdir, at least when used via --subrepo.

Paths are not being canonicalized, so accesses to things like 'foo/../bar' will get tossed out here, unless the prefix also matches.

File last commit:

r37288:7de7bd40 4.5.3 stable
test-serve.t
101 lines | 2.4 KiB | text/troff | Tads3Lexer
Matt Mackall
tests: replace exit 80 with #require
r22046 #require serve
Patrick Mezard
tests: convert test-serve to new format
r13540
$ hgserve()
> {
> hg serve -a localhost -d --pid-file=hg.pid -E errors.log -v $@ \
> | sed -e "s/:$HGPORT1\\([^0-9]\\)/:HGPORT1\1/g" \
> -e "s/:$HGPORT2\\([^0-9]\\)/:HGPORT2\1/g" \
> -e 's/http:\/\/[^/]*\//http:\/\/localhost\//'
> cat hg.pid >> "$DAEMON_PIDS"
> echo % errors
> cat errors.log
Matt Mackall
tests: drop explicit $TESTDIR from executables...
r25472 > killdaemons.py hg.pid
Patrick Mezard
tests: convert test-serve to new format
r13540 > }
$ hg init test
$ cd test
$ echo '[web]' > .hg/hgrc
$ echo 'accesslog = access.log' >> .hg/hgrc
$ echo "port = $HGPORT1" >> .hg/hgrc
Without -v
$ hg serve -a localhost -p $HGPORT -d --pid-file=hg.pid -E errors.log
$ cat hg.pid >> "$DAEMON_PIDS"
$ if [ -f access.log ]; then
Mads Kiilerich
tests: fix incorrect markup of continued lines of sh commands
r16487 > echo 'access log created - .hg/hgrc respected'
> fi
Patrick Mezard
tests: convert test-serve to new format
r13540 access log created - .hg/hgrc respected
errors
$ cat errors.log
With -v
$ hgserve
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at http://localhost/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
Patrick Mezard
tests: convert test-serve to new format
r13540 % errors
With -v and -p HGPORT2
$ hgserve -p "$HGPORT2"
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at http://localhost/ (bound to *$LOCALIP*:HGPORT2) (glob) (?)
Patrick Mezard
tests: convert test-serve to new format
r13540 % errors
With -v and -p daytime (should fail because low port)
Matt Harbison
test-serve: disable unfixable tests on Windows...
r31771 #if no-root no-windows
Patrick Mezard
tests: convert test-serve to new format
r13540 $ KILLQUIETLY=Y
$ hgserve -p daytime
abort: cannot start server at 'localhost:13': Permission denied
abort: child process failed to start
% errors
$ KILLQUIETLY=N
Matt Mackall
tests: skip tests that require not having root (issue4089)...
r20008 #endif
Patrick Mezard
tests: convert test-serve to new format
r13540
With --prefix foo
$ hgserve --prefix foo
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at http://localhost/foo/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
Patrick Mezard
tests: convert test-serve to new format
r13540 % errors
With --prefix /foo
$ hgserve --prefix /foo
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at http://localhost/foo/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
Patrick Mezard
tests: convert test-serve to new format
r13540 % errors
With --prefix foo/
$ hgserve --prefix foo/
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at http://localhost/foo/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
Patrick Mezard
tests: convert test-serve to new format
r13540 % errors
With --prefix /foo/
$ hgserve --prefix /foo/
Matt Harbison
test-serve: make the 'listening at *' lines optional...
r31769 listening at http://localhost/foo/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
Patrick Mezard
tests: convert test-serve to new format
r13540 % errors
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913
Matt Harbison
server: ensure the incoming request falls under the prefix value...
r37288 $ $PYTHON $RUNTESTDIR/killdaemons.py $DAEMON_PIDS
With out of bounds accesses
$ rm access.log
$ hg serve -a localhost -p $HGPORT -d --prefix some/dir \
> --pid-file=hg.pid -E errors.log
$ cat hg.pid >> "$DAEMON_PIDS"
$ hg id http://localhost:$HGPORT/some/dir7
abort: HTTP Error 404: Not Found
[255]
$ hg id http://localhost:$HGPORT/some
abort: HTTP Error 404: Not Found
[255]
$ cat access.log errors.log
$LOCALIP - - [$LOGDATE$] "GET /some/dir7?cmd=capabilities HTTP/1.1" 404 - (glob)
$LOCALIP - - [$LOGDATE$] "GET /some?cmd=capabilities HTTP/1.1" 404 - (glob)
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913 $ cd ..
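
The prefix check that the commit message describes and the "out of bounds" test exercises, as an added Python sketch; it is not Mercurial's own code, and the function names `normalize_prefix`, `split_under_prefix` and `status_for` are hypothetical. The sample request targets are constructed, modelled on the access.log lines in the test.

```python
def normalize_prefix(prefix):
    """'foo', '/foo', 'foo/' and '/foo/' all become '/foo'; '' stays ''."""
    stripped = prefix.strip("/")
    return "/" + stripped if stripped else ""


def split_under_prefix(request_target, prefix):
    """Return the path below the prefix, or None if the request is outside it.

    The comparison is made on whole path segments of the raw request path.
    Nothing is canonicalized, matching the caveat in the commit message.
    """
    path = request_target.split("?", 1)[0]  # drop the query string
    base = normalize_prefix(prefix)
    if path == base:
        return ""
    if path.startswith(base + "/"):
        return path[len(base):]
    return None


def status_for(request_target, prefix):
    """404 for anything outside the prefix, 200 otherwise."""
    return 404 if split_under_prefix(request_target, prefix) is None else 200


# Constructed sample requests against a server started with --prefix some/dir.
SAMPLES = [
    "/some/dir7?cmd=capabilities",  # sibling that only shares a string prefix
    "/some?cmd=capabilities",       # parent directory of the prefix
    "/some/dir?cmd=capabilities",   # the prefix itself
    "/some/dir/file/tip/README",    # below the prefix
    "/foo/../some/dir",             # not canonicalized, so it does not match
    "/some/dir/../x",               # prefix matches textually, so this check passes it
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(status_for(target, "some/dir"), target)
```

The last sample shows why a textual prefix match is not a substitute for canonicalizing the path before it reaches anything that resolves `..` segments.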