##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

subrepo: prohibit variable expansion on creation of hg subrepo (SEC)...
Yuya Nishihara -
r41550:6c10eba6 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -403,7 +403,16 b' class hgsubrepo(abstractsubrepo):'
403 403 r = ctx.repo()
404 404 root = r.wjoin(path)
405 405 create = allowcreate and not r.wvfs.exists('%s/.hg' % path)
406 # repository constructor does expand variables in path, which is
407 # unsafe since subrepo path might come from untrusted source.
408 if os.path.realpath(util.expandpath(root)) != root:
409 raise error.Abort(_('subrepo path contains illegal component: %s')
410 % path)
406 411 self._repo = hg.repository(r.baseui, root, create=create)
412 if self._repo.root != root:
413 raise error.ProgrammingError('failed to reject unsafe subrepo '
414 'path: %s (expanded to %s)'
415 % (root, self._repo.root))
407 416
408 417 # Propagate the parent's --hidden option
409 418 if r is r.unfiltered():
Show file before | Show file after | Hide comments
@@ -151,20 +151,37 b' Test current path'
151 151 -----------------
152 152
153 153 on commit:
154 BROKEN: should fail
155 154
156 155 $ hg init currentpath
157 156 $ cd currentpath
158 157 $ hg init sub
159 158 $ echo '. = sub' >> .hgsub
160 159 $ hg ci -qAm 'add subrepo "."'
160 abort: subrepo path contains illegal component: .
161 [255]
162
163 prepare tampered repo (including the commit above):
164
165 $ hg import --bypass -qm 'add subrepo "."' - <<'EOF'
166 > diff --git a/.hgsub b/.hgsub
167 > new file mode 100644
168 > --- /dev/null
169 > +++ b/.hgsub
170 > @@ -0,0 +1,1 @@
171 > +.= sub
172 > diff --git a/.hgsubstate b/.hgsubstate
173 > new file mode 100644
174 > --- /dev/null
175 > +++ b/.hgsubstate
176 > @@ -0,0 +1,1 @@
177 > +0000000000000000000000000000000000000000 .
178 > EOF
161 179 $ cd ..
162 180
163 181 on clone (and update):
164 182
165 $ hg clone -q currentpath currentpath2 --config ui.timeout=1
166 waiting for lock on working directory of $TESTTMP/currentpath2/. * (glob)
167 abort: working directory of $TESTTMP/currentpath2/.: timed out waiting for lock held by '*' (glob)
183 $ hg clone -q currentpath currentpath2
184 abort: subrepo path contains illegal component: .
168 185 [255]
169 186
170 187 Test outer path
@@ -214,7 +231,6 b" Subrepository paths shouldn't be expande"
214 231 properly. Any local repository paths are expanded.
215 232
216 233 on commit:
217 BROKEN: wrong error message
218 234
219 235 $ mkdir envvar
220 236 $ cd envvar
@@ -230,7 +246,7 b' BROKEN: wrong error message'
230 246 39eb4b4d3e096527668784893a9280578a8f38b8
231 247 $ echo '$SUB = sub1' >> .hgsub
232 248 $ SUB=sub1 hg ci -qAm 'add subrepo "$SUB"'
233 abort: repository $TESTTMP/envvar/main/$SUB already exists!
249 abort: subrepo path contains illegal component: $SUB
234 250 [255]
235 251
236 252 prepare tampered repo (including the changes above as two commits):
@@ -267,20 +283,23 b' on clone (and update) with various subst'
267 283 $SUB
268 284
269 285 $ SUB=sub1 hg clone -q main main3
286 abort: subrepo path contains illegal component: $SUB
287 [255]
270 288 $ ls main3
271 sub1
272 289
273 290 $ SUB=sub2 hg clone -q main main4
291 abort: subrepo path contains illegal component: $SUB
292 [255]
274 293 $ ls main4
275 sub2
276 294
277 295 on clone empty subrepo into .hg, then pull (and update), which at least fails:
278 BROKEN: the first clone should fail
279 296
280 297 $ SUB=.hg hg clone -qr0 main main5
298 abort: subrepo path contains illegal component: $SUB
299 [255]
281 300 $ ls main5
282 $ ls -d main5/.hg/.hg
283 main5/.hg/.hg
301 $ test -d main5/.hg/.hg
302 [1]
284 303 $ SUB=.hg hg -R main5 pull -u
285 304 pulling from $TESTTMP/envvar/main
286 305 searching for changes
@@ -289,7 +308,8 b' BROKEN: the first clone should fail'
289 308 adding file changes
290 309 added 1 changesets with 1 changes to 1 files
291 310 new changesets 7a2f0e59146f
292 abort: repository $TESTTMP/envvar/main5/$SUB already exists!
311 .hgsubstate: untracked file differs
312 abort: untracked files in working directory differ from files in requested revision
293 313 [255]
294 314 $ cat main5/.hg/hgrc | grep pwned
295 315 [1]
@@ -297,32 +317,36 b' BROKEN: the first clone should fail'
297 317 on clone (and update) into .hg, which at least fails:
298 318
299 319 $ SUB=.hg hg clone -q main main6
300 abort: destination '$TESTTMP/envvar/main6/.hg' is not empty (in subrepository ".hg")
320 abort: subrepo path contains illegal component: $SUB
301 321 [255]
302 322 $ ls main6
303 323 $ cat main6/.hg/hgrc | grep pwned
304 324 [1]
305 325
306 326 on clone (and update) into .hg/* subdir:
307 BROKEN: should fail
308 327
309 328 $ SUB=.hg/foo hg clone -q main main7
329 abort: subrepo path contains illegal component: $SUB
330 [255]
310 331 $ ls main7
311 $ ls main7/.hg/foo
312 hgrc
332 $ test -d main7/.hg/.hg
333 [1]
313 334
314 335 on clone (and update) into outer tree:
315 BROKEN: should fail
316 336
317 337 $ SUB=../out-of-tree-write hg clone -q main main8
338 abort: subrepo path contains illegal component: $SUB
339 [255]
318 340 $ ls main8
319 341
320 342 on clone (and update) into e.g. $HOME, which doesn't work since subrepo paths
321 343 are concatenated prior to variable expansion:
322 344
323 345 $ SUB="$TESTTMP/envvar/fakehome" hg clone -q main main9
346 abort: subrepo path contains illegal component: $SUB
347 [255]
324 348 $ ls main9 | wc -l
325 \s*1 (re)
349 \s*0 (re)
326 350
327 351 $ ls
328 352 main
@@ -334,7 +358,6 b' are concatenated prior to variable expan'
334 358 main7
335 359 main8
336 360 main9
337 out-of-tree-write
338 361 $ cd ..
339 362
340 363 Test tilde
@@ -463,7 +486,6 b' Test symlink traversal by variable expan'
463 486 $ FAKEHOME="$TESTTMP/envvarsym/fakehome"
464 487
465 488 on commit:
466 BROKEN: wrong error message
467 489
468 490 $ mkdir envvarsym
469 491 $ cd envvarsym
@@ -479,7 +501,7 b' BROKEN: wrong error message'
479 501 f40c9134ba1b6961e12f250868823f0092fb68a8
480 502 $ echo '$SUB = sub1' >> .hgsub
481 503 $ SUB="$FAKEHOME" hg ci -qAm 'add subrepo "$SUB"'
482 abort: repository $TESTTMP/envvarsym/main/$SUB already exists!
504 abort: subrepo path contains illegal component: $SUB
483 505 [255]
484 506
485 507 prepare tampered repo (including the changes above as two commits):
@@ -510,46 +532,47 b' prepare tampered repo (including the cha'
510 532 $ cd ..
511 533
512 534 on clone (and update) without fakehome directory:
513 BROKEN: should fail
514 535
515 536 $ rm -fR "$FAKEHOME"
516 537 $ SUB="$FAKEHOME" hg clone -q main main2
517 $ ls "$FAKEHOME"
518 pwned
538 abort: subrepo path contains illegal component: $SUB
539 [255]
540 $ test -d "$FAKEHOME"
541 [1]
519 542
520 543 on clone (and update) with empty fakehome directory:
521 BROKEN: should fail
522 544
523 545 $ rm -fR "$FAKEHOME"
524 546 $ mkdir "$FAKEHOME"
525 547 $ SUB="$FAKEHOME" hg clone -q main main3
548 abort: subrepo path contains illegal component: $SUB
549 [255]
526 550 $ ls "$FAKEHOME"
527 pwned
528 551
529 552 on clone (and update) with non-empty fakehome directory:
530 BROKEN: wrong error message
531 553
532 554 $ rm -fR "$FAKEHOME"
533 555 $ mkdir "$FAKEHOME"
534 556 $ touch "$FAKEHOME/a"
535 557 $ SUB="$FAKEHOME" hg clone -q main main4
536 abort: destination '$TESTTMP/envvarsym/fakehome' is not empty (in subrepository "*") (glob)
558 abort: subrepo path contains illegal component: $SUB
537 559 [255]
538 560 $ ls "$FAKEHOME"
539 561 a
540 562
541 563 on clone empty subrepo with non-empty fakehome directory,
542 564 then pull (and update):
543 BROKEN: the first clone should fail
544 565
545 566 $ rm -fR "$FAKEHOME"
546 567 $ mkdir "$FAKEHOME"
547 568 $ touch "$FAKEHOME/a"
548 569 $ SUB="$FAKEHOME" hg clone -qr1 main main5
570 abort: subrepo path contains illegal component: $SUB
571 [255]
549 572 $ ls "$FAKEHOME"
550 573 a
551 $ ls -d "$FAKEHOME/.hg"
552 $TESTTMP/envvarsym/fakehome/.hg
574 $ test -d "$FAKEHOME/.hg"
575 [1]
553 576 $ SUB="$FAKEHOME" hg -R main5 pull -u
554 577 pulling from $TESTTMP/envvarsym/main
555 578 searching for changes
@@ -558,21 +581,23 b' BROKEN: the first clone should fail'
558 581 adding file changes
559 582 added 1 changesets with 1 changes to 1 files
560 583 new changesets * (glob)
561 abort: repository $TESTTMP/envvarsym/main5/$SUB already exists!
584 .hgsubstate: untracked file differs
585 abort: untracked files in working directory differ from files in requested revision
562 586 [255]
563 587 $ ls "$FAKEHOME"
564 588 a
589 $ test -d "$FAKEHOME/.hg"
590 [1]
565 591
566 592 on clone empty subrepo with hg-managed fakehome directory,
567 593 then pull (and update):
568 BROKEN: wrong error message
569 594
570 595 $ rm -fR "$FAKEHOME"
571 596 $ hg init "$FAKEHOME"
572 597 $ touch "$FAKEHOME/a"
573 598 $ hg -R "$FAKEHOME" ci -qAm 'add fakehome file'
574 599 $ SUB="$FAKEHOME" hg clone -qr1 main main6
575 abort: repository $TESTTMP/envvarsym/main6/$SUB already exists!
600 abort: subrepo path contains illegal component: $SUB
576 601 [255]
577 602 $ ls "$FAKEHOME"
578 603 a
@@ -592,7 +617,6 b' BROKEN: wrong error message'
592 617
593 618 on clone only symlink with hg-managed fakehome directory,
594 619 then pull (and update):
595 BROKEN: wrong error message
596 620
597 621 $ rm -fR "$FAKEHOME"
598 622 $ hg init "$FAKEHOME"
@@ -609,7 +633,7 b' BROKEN: wrong error message'
609 633 adding file changes
610 634 added 2 changesets with 3 changes to 2 files
611 635 new changesets * (glob)
612 abort: repository $TESTTMP/envvarsym/main7/$SUB already exists!
636 abort: subrepo path contains illegal component: $SUB
613 637 [255]
614 638 $ ls "$FAKEHOME"
615 639 a
General Comments 0
You need to be logged in to leave comments. Login now