upstream/mercurial-mirror Files · tests/get-with-headers.py

convert: test for shell injection in git calls (SEC)...

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

Gregory Szorc - - Load All Authors

File last commit:

r27296:8e86679d default


                r28663:ae279d4a

3.7.3 stable

Download file

             get-with-headers.py
        
                    78 lines
            
             | 2.1 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / get-with-headers.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Eric Hopper
    
Add a test for getting raw files via the web UI.

              r2532
            
      #!/usr/bin/env python

        Martin Geisler
    
tests: fix doc string in get-with-headers.py

              r8447
            
      """This does HTTP GET requests given a host:port and path and returns

        Eric Hopper
    
Add a test for getting raw files via the web UI.

              r2532
            
      a subset of the headers plus the body of the result."""

        Gregory Szorc
    
tests: use absolute_import in /get-with-headers.py...

              r27296
            
      from __future__ import absolute_import

      import httplib

      import json

      import os

      import sys

        Patrick Mezard
    
get-with-headers: fix stream modes under Windows

              r7054
            
      try:

        Gregory Szorc
    
tests: use absolute_import in /get-with-headers.py...

              r27296
            
          import msvcrt

        Patrick Mezard
    
get-with-headers: fix stream modes under Windows

              r7054
            
          msvcrt.setmode(sys.stdout.fileno(), os.O_BINARY)

          msvcrt.setmode(sys.stderr.fileno(), os.O_BINARY)

      except ImportError:

          pass

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
      twice = False

      if '--twice' in sys.argv:

          sys.argv.remove('--twice')

          twice = True

        Pierre-Yves David
    
get-with-headers: add a --headeronly switch...

              r18400
            
      headeronly = False

      if '--headeronly' in sys.argv:

          sys.argv.remove('--headeronly')

          headeronly = True

        Gregory Szorc
    
get-with-headers: support parsing and pretty printing JSON...

              r24543
            
      formatjson = False

      if '--json' in sys.argv:

          sys.argv.remove('--json')

          formatjson = True

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
      tag = None

      def request(host, path, show):

        Mads Kiilerich
    
tests: prepare get-with-headers.py for MSYS...

              r17017
            
          assert not path.startswith('/'), path

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
          global tag

          headers = {}

          if tag:

              headers['If-None-Match'] = tag

        Bryan O'Sullivan
    
hgweb: return meaningful HTTP status codes instead of nonsense

              r5561
            
        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
          conn = httplib.HTTPConnection(host)

        Mads Kiilerich
    
tests: prepare get-with-headers.py for MSYS...

              r17017
            
          conn.request("GET", '/' + path, None, headers)

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
          response = conn.getresponse()

        Pierre-Yves David
    
tests: just use 'response.reason'...

              r25208
            
          print response.status, response.reason

        Mads Kiilerich
    
serve: don't send any content headers with 304 responses...

              r18380
            
          if show[:1] == ['-']:

        Mads Kiilerich
    
tests: make test-hgweb.t output stable...

              r18393
            
              show = sorted(h for h, v in response.getheaders()

                            if h.lower() not in show)

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
          for h in [h.lower() for h in show]:

              if response.getheader(h, None) is not None:

                  print "%s: %s" % (h, response.getheader(h))

        Pierre-Yves David
    
get-with-headers: add a --headeronly switch...

              r18400
            
          if not headeronly:

              print

        Gregory Szorc
    
hgweb: send proper HTTP response after uncaught exception...

              r23409
            
              data = response.read()

        Gregory Szorc
    
get-with-headers: support parsing and pretty printing JSON...

              r24543
            
              # Pretty print JSON. This also has the beneficial side-effect

              # of verifying emitted JSON is well-formed.

              if formatjson:

                  # json.dumps() will print trailing newlines. Eliminate them

                  # to make tests easier to write.

                  data = json.loads(data)

                  lines = json.dumps(data, sort_keys=True, indent=2).splitlines()

                  for line in lines:

                      print line.rstrip()

              else:

                  sys.stdout.write(data)

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
        Pierre-Yves David
    
get-with-headers: add a --headeronly switch...

              r18400
            
              if twice and response.getheader('ETag', None):

                  tag = response.getheader('ETag')

        Dirkjan Ochtman
    
tests: extend get-with-headers to support cache testing

              r12182
            
          return response.status

      status = request(sys.argv[1], sys.argv[2], sys.argv[3:])

      if twice:

          status = request(sys.argv[1], sys.argv[2], sys.argv[3:])

      if 200 <= status <= 305:

        Bryan O'Sullivan
    
hgweb: return meaningful HTTP status codes instead of nonsense

              r5561
            
          sys.exit(0)

      sys.exit(1)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Eric Hopper Add a test for getting raw files via the web UI.	r2532	#!/usr/bin/env python

Martin Geisler tests: fix doc string in get-with-headers.py	r8447	"""This does HTTP GET requests given a host:port and path and returns
Eric Hopper Add a test for getting raw files via the web UI.	r2532	a subset of the headers plus the body of the result."""

Gregory Szorc tests: use absolute_import in /get-with-headers.py...	r27296	from __future__ import absolute_import

		import httplib
		import json
		import os
		import sys
Patrick Mezard get-with-headers: fix stream modes under Windows	r7054
		try:
Gregory Szorc tests: use absolute_import in /get-with-headers.py...	r27296	import msvcrt
Patrick Mezard get-with-headers: fix stream modes under Windows	r7054	msvcrt.setmode(sys.stdout.fileno(), os.O_BINARY)
		msvcrt.setmode(sys.stderr.fileno(), os.O_BINARY)
		except ImportError:
		pass

Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182	twice = False
		if '--twice' in sys.argv:
		sys.argv.remove('--twice')
		twice = True
Pierre-Yves David get-with-headers: add a --headeronly switch...	r18400	headeronly = False
		if '--headeronly' in sys.argv:
		sys.argv.remove('--headeronly')
		headeronly = True
Gregory Szorc get-with-headers: support parsing and pretty printing JSON...	r24543	formatjson = False
		if '--json' in sys.argv:
		sys.argv.remove('--json')
		formatjson = True
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182
		tag = None
		def request(host, path, show):
Mads Kiilerich tests: prepare get-with-headers.py for MSYS...	r17017	assert not path.startswith('/'), path
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182	global tag
		headers = {}
		if tag:
		headers['If-None-Match'] = tag
Bryan O'Sullivan hgweb: return meaningful HTTP status codes instead of nonsense	r5561
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182	conn = httplib.HTTPConnection(host)
Mads Kiilerich tests: prepare get-with-headers.py for MSYS...	r17017	conn.request("GET", '/' + path, None, headers)
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182	response = conn.getresponse()
Pierre-Yves David tests: just use 'response.reason'...	r25208	print response.status, response.reason
Mads Kiilerich serve: don't send any content headers with 304 responses...	r18380	if show[:1] == ['-']:
Mads Kiilerich tests: make test-hgweb.t output stable...	r18393	show = sorted(h for h, v in response.getheaders()
		if h.lower() not in show)
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182	for h in [h.lower() for h in show]:
		if response.getheader(h, None) is not None:
		print "%s: %s" % (h, response.getheader(h))
Pierre-Yves David get-with-headers: add a --headeronly switch...	r18400	if not headeronly:
		print
Gregory Szorc hgweb: send proper HTTP response after uncaught exception...	r23409	data = response.read()
Gregory Szorc get-with-headers: support parsing and pretty printing JSON...	r24543
		# Pretty print JSON. This also has the beneficial side-effect
		# of verifying emitted JSON is well-formed.
		if formatjson:
		# json.dumps() will print trailing newlines. Eliminate them
		# to make tests easier to write.
		data = json.loads(data)
		lines = json.dumps(data, sort_keys=True, indent=2).splitlines()
		for line in lines:
		print line.rstrip()
		else:
		sys.stdout.write(data)
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182
Pierre-Yves David get-with-headers: add a --headeronly switch...	r18400	if twice and response.getheader('ETag', None):
		tag = response.getheader('ETag')
Dirkjan Ochtman tests: extend get-with-headers to support cache testing	r12182
		return response.status

		status = request(sys.argv[1], sys.argv[2], sys.argv[3:])
		if twice:
		status = request(sys.argv[1], sys.argv[2], sys.argv[3:])

		if 200 <= status <= 305:
Bryan O'Sullivan hgweb: return meaningful HTTP status codes instead of nonsense	r5561	sys.exit(0)
		sys.exit(1)