##// END OF EJS Templates
subrepo: prohibit variable expansion on creation of hg subrepo (SEC)...
Yuya Nishihara -
r41550:6c10eba6 stable
parent child Browse files
Show More
@@ -403,7 +403,16 b' class hgsubrepo(abstractsubrepo):'
403 r = ctx.repo()
403 r = ctx.repo()
404 root = r.wjoin(path)
404 root = r.wjoin(path)
405 create = allowcreate and not r.wvfs.exists('%s/.hg' % path)
405 create = allowcreate and not r.wvfs.exists('%s/.hg' % path)
406 # repository constructor does expand variables in path, which is
407 # unsafe since subrepo path might come from untrusted source.
408 if os.path.realpath(util.expandpath(root)) != root:
409 raise error.Abort(_('subrepo path contains illegal component: %s')
410 % path)
406 self._repo = hg.repository(r.baseui, root, create=create)
411 self._repo = hg.repository(r.baseui, root, create=create)
412 if self._repo.root != root:
413 raise error.ProgrammingError('failed to reject unsafe subrepo '
414 'path: %s (expanded to %s)'
415 % (root, self._repo.root))
407
416
408 # Propagate the parent's --hidden option
417 # Propagate the parent's --hidden option
409 if r is r.unfiltered():
418 if r is r.unfiltered():
@@ -151,20 +151,37 b' Test current path'
151 -----------------
151 -----------------
152
152
153 on commit:
153 on commit:
154 BROKEN: should fail
155
154
156 $ hg init currentpath
155 $ hg init currentpath
157 $ cd currentpath
156 $ cd currentpath
158 $ hg init sub
157 $ hg init sub
159 $ echo '. = sub' >> .hgsub
158 $ echo '. = sub' >> .hgsub
160 $ hg ci -qAm 'add subrepo "."'
159 $ hg ci -qAm 'add subrepo "."'
160 abort: subrepo path contains illegal component: .
161 [255]
162
163 prepare tampered repo (including the commit above):
164
165 $ hg import --bypass -qm 'add subrepo "."' - <<'EOF'
166 > diff --git a/.hgsub b/.hgsub
167 > new file mode 100644
168 > --- /dev/null
169 > +++ b/.hgsub
170 > @@ -0,0 +1,1 @@
171 > +.= sub
172 > diff --git a/.hgsubstate b/.hgsubstate
173 > new file mode 100644
174 > --- /dev/null
175 > +++ b/.hgsubstate
176 > @@ -0,0 +1,1 @@
177 > +0000000000000000000000000000000000000000 .
178 > EOF
161 $ cd ..
179 $ cd ..
162
180
163 on clone (and update):
181 on clone (and update):
164
182
165 $ hg clone -q currentpath currentpath2 --config ui.timeout=1
183 $ hg clone -q currentpath currentpath2
166 waiting for lock on working directory of $TESTTMP/currentpath2/. * (glob)
184 abort: subrepo path contains illegal component: .
167 abort: working directory of $TESTTMP/currentpath2/.: timed out waiting for lock held by '*' (glob)
168 [255]
185 [255]
169
186
170 Test outer path
187 Test outer path
@@ -214,7 +231,6 b" Subrepository paths shouldn't be expande"
214 properly. Any local repository paths are expanded.
231 properly. Any local repository paths are expanded.
215
232
216 on commit:
233 on commit:
217 BROKEN: wrong error message
218
234
219 $ mkdir envvar
235 $ mkdir envvar
220 $ cd envvar
236 $ cd envvar
@@ -230,7 +246,7 b' BROKEN: wrong error message'
230 39eb4b4d3e096527668784893a9280578a8f38b8
246 39eb4b4d3e096527668784893a9280578a8f38b8
231 $ echo '$SUB = sub1' >> .hgsub
247 $ echo '$SUB = sub1' >> .hgsub
232 $ SUB=sub1 hg ci -qAm 'add subrepo "$SUB"'
248 $ SUB=sub1 hg ci -qAm 'add subrepo "$SUB"'
233 abort: repository $TESTTMP/envvar/main/$SUB already exists!
249 abort: subrepo path contains illegal component: $SUB
234 [255]
250 [255]
235
251
236 prepare tampered repo (including the changes above as two commits):
252 prepare tampered repo (including the changes above as two commits):
@@ -267,20 +283,23 b' on clone (and update) with various subst'
267 $SUB
283 $SUB
268
284
269 $ SUB=sub1 hg clone -q main main3
285 $ SUB=sub1 hg clone -q main main3
286 abort: subrepo path contains illegal component: $SUB
287 [255]
270 $ ls main3
288 $ ls main3
271 sub1
272
289
273 $ SUB=sub2 hg clone -q main main4
290 $ SUB=sub2 hg clone -q main main4
291 abort: subrepo path contains illegal component: $SUB
292 [255]
274 $ ls main4
293 $ ls main4
275 sub2
276
294
277 on clone empty subrepo into .hg, then pull (and update), which at least fails:
295 on clone empty subrepo into .hg, then pull (and update), which at least fails:
278 BROKEN: the first clone should fail
279
296
280 $ SUB=.hg hg clone -qr0 main main5
297 $ SUB=.hg hg clone -qr0 main main5
298 abort: subrepo path contains illegal component: $SUB
299 [255]
281 $ ls main5
300 $ ls main5
282 $ ls -d main5/.hg/.hg
301 $ test -d main5/.hg/.hg
283 main5/.hg/.hg
302 [1]
284 $ SUB=.hg hg -R main5 pull -u
303 $ SUB=.hg hg -R main5 pull -u
285 pulling from $TESTTMP/envvar/main
304 pulling from $TESTTMP/envvar/main
286 searching for changes
305 searching for changes
@@ -289,7 +308,8 b' BROKEN: the first clone should fail'
289 adding file changes
308 adding file changes
290 added 1 changesets with 1 changes to 1 files
309 added 1 changesets with 1 changes to 1 files
291 new changesets 7a2f0e59146f
310 new changesets 7a2f0e59146f
292 abort: repository $TESTTMP/envvar/main5/$SUB already exists!
311 .hgsubstate: untracked file differs
312 abort: untracked files in working directory differ from files in requested revision
293 [255]
313 [255]
294 $ cat main5/.hg/hgrc | grep pwned
314 $ cat main5/.hg/hgrc | grep pwned
295 [1]
315 [1]
@@ -297,32 +317,36 b' BROKEN: the first clone should fail'
297 on clone (and update) into .hg, which at least fails:
317 on clone (and update) into .hg, which at least fails:
298
318
299 $ SUB=.hg hg clone -q main main6
319 $ SUB=.hg hg clone -q main main6
300 abort: destination '$TESTTMP/envvar/main6/.hg' is not empty (in subrepository ".hg")
320 abort: subrepo path contains illegal component: $SUB
301 [255]
321 [255]
302 $ ls main6
322 $ ls main6
303 $ cat main6/.hg/hgrc | grep pwned
323 $ cat main6/.hg/hgrc | grep pwned
304 [1]
324 [1]
305
325
306 on clone (and update) into .hg/* subdir:
326 on clone (and update) into .hg/* subdir:
307 BROKEN: should fail
308
327
309 $ SUB=.hg/foo hg clone -q main main7
328 $ SUB=.hg/foo hg clone -q main main7
329 abort: subrepo path contains illegal component: $SUB
330 [255]
310 $ ls main7
331 $ ls main7
311 $ ls main7/.hg/foo
332 $ test -d main7/.hg/.hg
312 hgrc
333 [1]
313
334
314 on clone (and update) into outer tree:
335 on clone (and update) into outer tree:
315 BROKEN: should fail
316
336
317 $ SUB=../out-of-tree-write hg clone -q main main8
337 $ SUB=../out-of-tree-write hg clone -q main main8
338 abort: subrepo path contains illegal component: $SUB
339 [255]
318 $ ls main8
340 $ ls main8
319
341
320 on clone (and update) into e.g. $HOME, which doesn't work since subrepo paths
342 on clone (and update) into e.g. $HOME, which doesn't work since subrepo paths
321 are concatenated prior to variable expansion:
343 are concatenated prior to variable expansion:
322
344
323 $ SUB="$TESTTMP/envvar/fakehome" hg clone -q main main9
345 $ SUB="$TESTTMP/envvar/fakehome" hg clone -q main main9
346 abort: subrepo path contains illegal component: $SUB
347 [255]
324 $ ls main9 | wc -l
348 $ ls main9 | wc -l
325 \s*1 (re)
349 \s*0 (re)
326
350
327 $ ls
351 $ ls
328 main
352 main
@@ -334,7 +358,6 b' are concatenated prior to variable expan'
334 main7
358 main7
335 main8
359 main8
336 main9
360 main9
337 out-of-tree-write
338 $ cd ..
361 $ cd ..
339
362
340 Test tilde
363 Test tilde
@@ -463,7 +486,6 b' Test symlink traversal by variable expan'
463 $ FAKEHOME="$TESTTMP/envvarsym/fakehome"
486 $ FAKEHOME="$TESTTMP/envvarsym/fakehome"
464
487
465 on commit:
488 on commit:
466 BROKEN: wrong error message
467
489
468 $ mkdir envvarsym
490 $ mkdir envvarsym
469 $ cd envvarsym
491 $ cd envvarsym
@@ -479,7 +501,7 b' BROKEN: wrong error message'
479 f40c9134ba1b6961e12f250868823f0092fb68a8
501 f40c9134ba1b6961e12f250868823f0092fb68a8
480 $ echo '$SUB = sub1' >> .hgsub
502 $ echo '$SUB = sub1' >> .hgsub
481 $ SUB="$FAKEHOME" hg ci -qAm 'add subrepo "$SUB"'
503 $ SUB="$FAKEHOME" hg ci -qAm 'add subrepo "$SUB"'
482 abort: repository $TESTTMP/envvarsym/main/$SUB already exists!
504 abort: subrepo path contains illegal component: $SUB
483 [255]
505 [255]
484
506
485 prepare tampered repo (including the changes above as two commits):
507 prepare tampered repo (including the changes above as two commits):
@@ -510,46 +532,47 b' prepare tampered repo (including the cha'
510 $ cd ..
532 $ cd ..
511
533
512 on clone (and update) without fakehome directory:
534 on clone (and update) without fakehome directory:
513 BROKEN: should fail
514
535
515 $ rm -fR "$FAKEHOME"
536 $ rm -fR "$FAKEHOME"
516 $ SUB="$FAKEHOME" hg clone -q main main2
537 $ SUB="$FAKEHOME" hg clone -q main main2
517 $ ls "$FAKEHOME"
538 abort: subrepo path contains illegal component: $SUB
518 pwned
539 [255]
540 $ test -d "$FAKEHOME"
541 [1]
519
542
520 on clone (and update) with empty fakehome directory:
543 on clone (and update) with empty fakehome directory:
521 BROKEN: should fail
522
544
523 $ rm -fR "$FAKEHOME"
545 $ rm -fR "$FAKEHOME"
524 $ mkdir "$FAKEHOME"
546 $ mkdir "$FAKEHOME"
525 $ SUB="$FAKEHOME" hg clone -q main main3
547 $ SUB="$FAKEHOME" hg clone -q main main3
548 abort: subrepo path contains illegal component: $SUB
549 [255]
526 $ ls "$FAKEHOME"
550 $ ls "$FAKEHOME"
527 pwned
528
551
529 on clone (and update) with non-empty fakehome directory:
552 on clone (and update) with non-empty fakehome directory:
530 BROKEN: wrong error message
531
553
532 $ rm -fR "$FAKEHOME"
554 $ rm -fR "$FAKEHOME"
533 $ mkdir "$FAKEHOME"
555 $ mkdir "$FAKEHOME"
534 $ touch "$FAKEHOME/a"
556 $ touch "$FAKEHOME/a"
535 $ SUB="$FAKEHOME" hg clone -q main main4
557 $ SUB="$FAKEHOME" hg clone -q main main4
536 abort: destination '$TESTTMP/envvarsym/fakehome' is not empty (in subrepository "*") (glob)
558 abort: subrepo path contains illegal component: $SUB
537 [255]
559 [255]
538 $ ls "$FAKEHOME"
560 $ ls "$FAKEHOME"
539 a
561 a
540
562
541 on clone empty subrepo with non-empty fakehome directory,
563 on clone empty subrepo with non-empty fakehome directory,
542 then pull (and update):
564 then pull (and update):
543 BROKEN: the first clone should fail
544
565
545 $ rm -fR "$FAKEHOME"
566 $ rm -fR "$FAKEHOME"
546 $ mkdir "$FAKEHOME"
567 $ mkdir "$FAKEHOME"
547 $ touch "$FAKEHOME/a"
568 $ touch "$FAKEHOME/a"
548 $ SUB="$FAKEHOME" hg clone -qr1 main main5
569 $ SUB="$FAKEHOME" hg clone -qr1 main main5
570 abort: subrepo path contains illegal component: $SUB
571 [255]
549 $ ls "$FAKEHOME"
572 $ ls "$FAKEHOME"
550 a
573 a
551 $ ls -d "$FAKEHOME/.hg"
574 $ test -d "$FAKEHOME/.hg"
552 $TESTTMP/envvarsym/fakehome/.hg
575 [1]
553 $ SUB="$FAKEHOME" hg -R main5 pull -u
576 $ SUB="$FAKEHOME" hg -R main5 pull -u
554 pulling from $TESTTMP/envvarsym/main
577 pulling from $TESTTMP/envvarsym/main
555 searching for changes
578 searching for changes
@@ -558,21 +581,23 b' BROKEN: the first clone should fail'
558 adding file changes
581 adding file changes
559 added 1 changesets with 1 changes to 1 files
582 added 1 changesets with 1 changes to 1 files
560 new changesets * (glob)
583 new changesets * (glob)
561 abort: repository $TESTTMP/envvarsym/main5/$SUB already exists!
584 .hgsubstate: untracked file differs
585 abort: untracked files in working directory differ from files in requested revision
562 [255]
586 [255]
563 $ ls "$FAKEHOME"
587 $ ls "$FAKEHOME"
564 a
588 a
589 $ test -d "$FAKEHOME/.hg"
590 [1]
565
591
566 on clone empty subrepo with hg-managed fakehome directory,
592 on clone empty subrepo with hg-managed fakehome directory,
567 then pull (and update):
593 then pull (and update):
568 BROKEN: wrong error message
569
594
570 $ rm -fR "$FAKEHOME"
595 $ rm -fR "$FAKEHOME"
571 $ hg init "$FAKEHOME"
596 $ hg init "$FAKEHOME"
572 $ touch "$FAKEHOME/a"
597 $ touch "$FAKEHOME/a"
573 $ hg -R "$FAKEHOME" ci -qAm 'add fakehome file'
598 $ hg -R "$FAKEHOME" ci -qAm 'add fakehome file'
574 $ SUB="$FAKEHOME" hg clone -qr1 main main6
599 $ SUB="$FAKEHOME" hg clone -qr1 main main6
575 abort: repository $TESTTMP/envvarsym/main6/$SUB already exists!
600 abort: subrepo path contains illegal component: $SUB
576 [255]
601 [255]
577 $ ls "$FAKEHOME"
602 $ ls "$FAKEHOME"
578 a
603 a
@@ -592,7 +617,6 b' BROKEN: wrong error message'
592
617
593 on clone only symlink with hg-managed fakehome directory,
618 on clone only symlink with hg-managed fakehome directory,
594 then pull (and update):
619 then pull (and update):
595 BROKEN: wrong error message
596
620
597 $ rm -fR "$FAKEHOME"
621 $ rm -fR "$FAKEHOME"
598 $ hg init "$FAKEHOME"
622 $ hg init "$FAKEHOME"
@@ -609,7 +633,7 b' BROKEN: wrong error message'
609 adding file changes
633 adding file changes
610 added 2 changesets with 3 changes to 2 files
634 added 2 changesets with 3 changes to 2 files
611 new changesets * (glob)
635 new changesets * (glob)
612 abort: repository $TESTTMP/envvarsym/main7/$SUB already exists!
636 abort: subrepo path contains illegal component: $SUB
613 [255]
637 [255]
614 $ ls "$FAKEHOME"
638 $ ls "$FAKEHOME"
615 a
639 a
General Comments 0
You need to be logged in to leave comments. Login now