# HG changeset patch
# User Pierre-Yves David <pierre-yves.david@octobus.net>
# Date 2021-06-24 01:22:03
# Node ID adb9d79a4be4a6484d88812815f587a2a7ab0bce
# Parent  25d36300ba8e13dcec9ba7dfc3f10fa1be4b3c44

stream: double check that self.vfs is *not* in the vfsmap

The stream clone logic allows for writing any content to any file under various
vfs. This is *not* suitable for *vfs*, since writing in `.hg/` directly allow to
modify the configuration and is a great and simple gateway for remote code
execution.

Differential Revision: https://phab.mercurial-scm.org/D10905

diff --git a/mercurial/streamclone.py b/mercurial/streamclone.py
--- a/mercurial/streamclone.py
+++ b/mercurial/streamclone.py
@@ -560,6 +560,12 @@ def _makemap(repo):
 def _emit2(repo, entries, totalfilesize):
     """actually emit the stream bundle"""
     vfsmap = _makemap(repo)
+    # we keep repo.vfs out of the on purpose, ther are too many danger there
+    # (eg: .hg/hgrc),
+    #
+    # this assert is duplicated (from _makemap) as author might think this is
+    # fine, while this is really not fine.
+    assert repo.vfs not in vfsmap.values()
     progress = repo.ui.makeprogress(
         _(b'bundle'), total=totalfilesize, unit=_(b'bytes')
     )
@@ -685,6 +691,12 @@ def consumev2(repo, fp, filecount, files
         progress.update(0)
 
         vfsmap = _makemap(repo)
+        # we keep repo.vfs out of the on purpose, ther are too many danger
+        # there (eg: .hg/hgrc),
+        #
+        # this assert is duplicated (from _makemap) as author might think this
+        # is fine, while this is really not fine.
+        assert repo.vfs not in vfsmap.values()
 
         with repo.transaction(b'clone'):
             ctxs = (vfs.backgroundclosing(repo.ui) for vfs in vfsmap.values())