sslutil: require TLS 1.1+ when supported...
sslutil: require TLS 1.1+ when supported Currently, Mercurial will use TLS 1.0 or newer when connecting to remote servers, selecting the highest TLS version supported by both peers. On older Pythons, only TLS 1.0 is available. On newer Pythons, TLS 1.1 and 1.2 should be available. Security professionals recommend avoiding TLS 1.0 if possible. PCI DSS 3.1 "strongly encourages" the use of TLS 1.2. Known attacks like BEAST and POODLE exist against TLS 1.0 (although mitigations are available and properly configured servers aren't vulnerable). I asked Eric Rescorla - Mozilla's resident crypto expert - whether Mercurial should drop support for TLS 1.0. His response was "if you can get away with it." Essentially, a number of servers on the Internet don't support TLS 1.1+. This is why web browsers continue to support TLS 1.0 despite desires from security experts. This patch changes Mercurial's default behavior on modern Python versions to require TLS 1.1+, thus avoiding known security issues with TLS 1.0 and making Mercurial more secure by default. Rather than drop TLS 1.0 support wholesale, we still allow TLS 1.0 to be used if configured. This is a compromise solution - ideally we'd disallow TLS 1.0. However, since we're not sure how many Mercurial servers don't support TLS 1.1+ and we're not sure how much user inconvenience this change will bring, I think it is prudent to ship an escape hatch that still allows usage of TLS 1.0. In the default case our users get better security. In the worst case, they are no worse off than before this patch. This patch has no effect when running on Python versions that don't support TLS 1.1+. As the added test shows, connecting to a server that doesn't support TLS 1.1+ will display a warning message with a link to our wiki, where we can guide people to configure their client to allow less secure connections.

File last commit:

r21853:8127b9e7 default
r29560:303e9300 default
test-purge.t
$ cat <<EOF >> $HGRCPATH
> [extensions]
> purge =
> EOF
init
$ hg init t
$ cd t
setup
$ echo r1 > r1
$ hg ci -qAmr1 -d'0 0'
$ mkdir directory
$ echo r2 > directory/r2
$ hg ci -qAmr2 -d'1 0'
$ echo 'ignored' > .hgignore
$ hg ci -qAmr3 -d'2 0'
delete an empty directory (-p only lists what would be removed; the run without it deletes)
$ mkdir empty_dir
$ hg purge -p -v
empty_dir
$ hg purge -v
removing directory empty_dir
$ ls
directory
r1
delete an untracked directory
$ mkdir untracked_dir
$ touch untracked_dir/untracked_file1
$ touch untracked_dir/untracked_file2
$ hg purge -p
untracked_dir/untracked_file1
untracked_dir/untracked_file2
$ hg purge -v
removing file untracked_dir/untracked_file1
removing file untracked_dir/untracked_file2
removing directory untracked_dir
$ ls
directory
r1
delete an untracked file, including one with its write permission cleared
$ touch untracked_file
$ touch untracked_file_readonly
$ python <<EOF
> import os, stat
> f= 'untracked_file_readonly'
> os.chmod(f, stat.S_IMODE(os.stat(f).st_mode) & ~stat.S_IWRITE)
> EOF
$ hg purge -p
untracked_file
untracked_file_readonly
$ hg purge -v
removing file untracked_file
removing file untracked_file_readonly
$ ls
directory
r1
delete an untracked file in a tracked directory
$ touch directory/untracked_file
$ hg purge -p
directory/untracked_file
$ hg purge -v
removing file directory/untracked_file
$ ls
directory
r1
delete nested directories
$ mkdir -p untracked_directory/nested_directory
$ hg purge -p
untracked_directory/nested_directory
$ hg purge -v
removing directory untracked_directory/nested_directory
removing directory untracked_directory
$ ls
directory
r1
delete nested directories from a subdir
$ mkdir -p untracked_directory/nested_directory
$ cd directory
$ hg purge -p
untracked_directory/nested_directory
$ hg purge -v
removing directory untracked_directory/nested_directory
removing directory untracked_directory
$ cd ..
$ ls
directory
r1
delete only part of the tree
$ mkdir -p untracked_directory/nested_directory
$ touch directory/untracked_file
$ cd directory
$ hg purge -p ../untracked_directory
untracked_directory/nested_directory
$ hg purge -v ../untracked_directory
removing directory untracked_directory/nested_directory
removing directory untracked_directory
$ cd ..
$ ls
directory
r1
$ ls directory/untracked_file
directory/untracked_file
$ rm directory/untracked_file
skip ignored files unless --all is specified
$ touch ignored
$ hg purge -p
$ hg purge -v
$ ls
directory
ignored
r1
$ hg purge -p --all
ignored
$ hg purge -v --all
removing file ignored
$ ls
directory
r1
abort with missing files until we support name mangling filesystems
$ touch untracked_file
$ rm r1
discard stderr so the expected output does not change when the error text changes
$ hg purge -p 2> /dev/null
untracked_file
$ hg st
! r1
? untracked_file
$ hg purge -p
untracked_file
$ hg purge -v 2> /dev/null
removing file untracked_file
$ hg st
! r1
$ hg purge -v
$ hg revert --all --quiet
$ hg st -a
tracked file in ignored directory (issue621)
$ echo directory >> .hgignore
$ hg ci -m 'ignore directory'
$ touch untracked_file
$ hg purge -p
untracked_file
$ hg purge -v
removing file untracked_file
skip excluded files
$ touch excluded_file
$ hg purge -p -X excluded_file
$ hg purge -v -X excluded_file
$ ls
directory
excluded_file
r1
$ rm excluded_file
skip files in excluded dirs
$ mkdir excluded_dir
$ touch excluded_dir/file
$ hg purge -p -X excluded_dir
$ hg purge -v -X excluded_dir
$ ls
directory
excluded_dir
r1
$ ls excluded_dir
file
$ rm -R excluded_dir
skip excluded empty dirs
$ mkdir excluded_dir
$ hg purge -p -X excluded_dir
$ hg purge -v -X excluded_dir
$ ls
directory
excluded_dir
r1
$ rmdir excluded_dir
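skip patterns (glob and re: exclusions; the dots in re:.*.svn are unescaped, so each matches any character, not only a literal dot)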
$ mkdir .svn
$ touch .svn/foo
$ mkdir directory/.svn
$ touch directory/.svn/foo
$ hg purge -p -X .svn -X '*/.svn'
$ hg purge -p -X re:.*.svn
$ rm -R .svn directory r1
only remove files (directories are left in place, even when they end up empty)
$ mkdir -p empty_dir dir
$ touch untracked_file dir/untracked_file
$ hg purge -p --files
dir/untracked_file
untracked_file
$ hg purge -v --files
removing file dir/untracked_file
removing file untracked_file
$ ls
dir
empty_dir
$ ls dir
only remove dirs (only empty directories are removed; dir still holds untracked_file and is kept)
$ mkdir -p empty_dir dir
$ touch untracked_file dir/untracked_file
$ hg purge -p --dirs
empty_dir
$ hg purge -v --dirs
removing directory empty_dir
$ ls
dir
untracked_file
$ ls dir
untracked_file
remove both files and dirs
$ mkdir -p empty_dir dir
$ touch untracked_file dir/untracked_file
$ hg purge -p --files --dirs
dir/untracked_file
untracked_file
empty_dir
$ hg purge -v --files --dirs
removing file dir/untracked_file
removing file untracked_file
removing directory empty_dir
removing directory dir
$ ls
$ cd ..