Show More
| @@ -46,6 +46,13 b' class pathauditor(object):' | |||||
| 46 | or _lowerclean(parts[0]) in ('.hg', '.hg.', '') |
|
46 | or _lowerclean(parts[0]) in ('.hg', '.hg.', '') | |
| 47 | or os.pardir in parts): |
|
47 | or os.pardir in parts): | |
| 48 | raise util.Abort(_("path contains illegal component: %s") % path) |
|
48 | raise util.Abort(_("path contains illegal component: %s") % path) | |
|
|
49 | # Windows shortname aliases | |||
|
|
50 | for p in parts: | |||
|
|
51 | if "~" in p: | |||
|
|
52 | first, last = p.split("~", 1) | |||
|
|
53 | if last.isdigit() and first.upper() in ["HG", "HG8B6C"]: | |||
|
|
54 | raise util.Abort(_("path contains illegal component: %s") | |||
|
|
55 | % path) | |||
| 49 | if '.hg' in _lowerclean(path): |
|
56 | if '.hg' in _lowerclean(path): | |
| 50 | lparts = [_lowerclean(p.lower()) for p in parts] |
|
57 | lparts = [_lowerclean(p.lower()) for p in parts] | |
| 51 | for p in '.hg', '.hg.': |
|
58 | for p in '.hg', '.hg.': | |
| @@ -474,4 +474,38 b' verify pathauditor blocks evil filepaths' | |||||
| 474 | abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc) |
|
474 | abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc) | |
| 475 | [255] |
|
475 | [255] | |
| 476 |
|
476 | |||
| 477 | $ cd .. |
|
477 | $ hg rollback -f | |
|
|
478 | repository tip rolled back to revision 1 (undo commit) | |||
|
|
479 | $ cat > evil-commit.py <<EOF | |||
|
|
480 | > from mercurial import ui, hg, context, node | |||
|
|
481 | > notrc = "HG~1/hgrc" | |||
|
|
482 | > u = ui.ui() | |||
|
|
483 | > r = hg.repository(u, '.') | |||
|
|
484 | > def filectxfn(repo, memctx, path): | |||
|
|
485 | > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned') | |||
|
|
486 | > c = context.memctx(r, [r['tip'].node(), node.nullid], | |||
|
|
487 | > 'evil', [notrc], filectxfn, 0) | |||
|
|
488 | > r.commitctx(c) | |||
|
|
489 | > EOF | |||
|
|
490 | $ $PYTHON evil-commit.py | |||
|
|
491 | $ hg co --clean tip | |||
|
|
492 | abort: path contains illegal component: HG~1/hgrc | |||
|
|
493 | [255] | |||
|
|
494 | ||||
|
|
495 | $ hg rollback -f | |||
|
|
496 | repository tip rolled back to revision 1 (undo commit) | |||
|
|
497 | $ cat > evil-commit.py <<EOF | |||
|
|
498 | > from mercurial import ui, hg, context, node | |||
|
|
499 | > notrc = "HG8B6C~2/hgrc" | |||
|
|
500 | > u = ui.ui() | |||
|
|
501 | > r = hg.repository(u, '.') | |||
|
|
502 | > def filectxfn(repo, memctx, path): | |||
|
|
503 | > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned') | |||
|
|
504 | > c = context.memctx(r, [r['tip'].node(), node.nullid], | |||
|
|
505 | > 'evil', [notrc], filectxfn, 0) | |||
|
|
506 | > r.commitctx(c) | |||
|
|
507 | > EOF | |||
|
|
508 | $ $PYTHON evil-commit.py | |||
|
|
509 | $ hg co --clean tip | |||
|
|
510 | abort: path contains illegal component: HG8B6C~2/hgrc | |||
|
|
511 | [255] | |||
General Comments 0
You need to be logged in to leave comments.
Login now