upstream/mercurial-mirror Files · tests/check-perf-code.py

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...

dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

FUJIWARA Katsunori - - Load All Authors

File last commit:

r30149:d8a2c536 default


                r32050:77eaf953

4.1.3 stable

Download file

             check-perf-code.py
        
                    79 lines
            
             | 2.5 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / check-perf-code.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #!/usr/bin/env python

      #

      # check-perf-code - (historical) portability checker for contrib/perf.py

      from __future__ import absolute_import

      import os

      import sys

      # write static check patterns here

      perfpypats = [

        [

          (r'(branchmap|repoview)\.subsettable',

           "use getbranchmapsubsettable() for early Mercurial"),

          (r'\.(vfs|svfs|opener|sopener)',

           "use getvfs()/getsvfs() for early Mercurial"),

          (r'ui\.configint',

           "use getint() instead of ui.configint() for early Mercurial"),

        ],

        # warnings

        [

        ]

      ]

      def modulewhitelist(names):

          replacement = [('.py', ''), ('.c', ''), # trim suffix

                         ('mercurial%s' % (os.sep), ''), # trim "mercurial/" path

                        ]

          ignored = set(['__init__'])

          modules = {}

          # convert from file name to module name, and count # of appearances

          for name in names:

              name = name.strip()

              for old, new in replacement:

                  name = name.replace(old, new)

              if name not in ignored:

                  modules[name] = modules.get(name, 0) + 1

          # list up module names, which appear multiple times

          whitelist = []

          for name, count in modules.items():

              if count > 1:

                  whitelist.append(name)

          return whitelist

      if __name__ == "__main__":

          # in this case, it is assumed that result of "hg files" at

          # multiple revisions is given via stdin

          whitelist = modulewhitelist(sys.stdin)

          assert whitelist, "module whitelist is empty"

          # build up module whitelist check from file names given at runtime

          perfpypats[0].append(

              # this matching pattern assumes importing modules from

              # "mercurial" package in the current style below, for simplicity

              #

              #    from mercurial import (

              #        foo,

              #        bar,

              #        baz

              #    )

              ((r'from mercurial import [(][a-z0-9, \n#]*\n(?! *%s,|^[ #]*\n|[)])'

                % ',| *'.join(whitelist)),

               "import newer module separately in try clause for early Mercurial"

               ))

          # import contrib/check-code.py as checkcode

          assert 'RUNTESTDIR' in os.environ, "use check-perf-code.py in *.t script"

          contribpath = os.path.join(os.environ['RUNTESTDIR'], '..', 'contrib')

          sys.path.insert(0, contribpath)

          checkcode = __import__('check-code')

          # register perf.py specific entry with "checks" in check-code.py

          checkcode.checks.append(('perf.py', r'contrib/perf.py$', '',

                                   checkcode.pyfilters, perfpypats))

          sys.exit(checkcode.main())

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#!/usr/bin/env python
				#
				# check-perf-code - (historical) portability checker for contrib/perf.py

				from __future__ import absolute_import

				import os
				import sys

				# write static check patterns here
				perfpypats = [
				[
				(r'(branchmap\|repoview)\.subsettable',
				"use getbranchmapsubsettable() for early Mercurial"),
				(r'\.(vfs\|svfs\|opener\|sopener)',
				"use getvfs()/getsvfs() for early Mercurial"),
				(r'ui\.configint',
				"use getint() instead of ui.configint() for early Mercurial"),
				],
				# warnings
				[
				]
				]

				def modulewhitelist(names):
				replacement = [('.py', ''), ('.c', ''), # trim suffix
				('mercurial%s' % (os.sep), ''), # trim "mercurial/" path
				]
				ignored = set(['__init__'])
				modules = {}

				# convert from file name to module name, and count # of appearances
				for name in names:
				name = name.strip()
				for old, new in replacement:
				name = name.replace(old, new)
				if name not in ignored:
				modules[name] = modules.get(name, 0) + 1

				# list up module names, which appear multiple times
				whitelist = []
				for name, count in modules.items():
				if count > 1:
				whitelist.append(name)

				return whitelist

				if __name__ == "__main__":
				# in this case, it is assumed that result of "hg files" at
				# multiple revisions is given via stdin
				whitelist = modulewhitelist(sys.stdin)
				assert whitelist, "module whitelist is empty"

				# build up module whitelist check from file names given at runtime
				perfpypats[0].append(
				# this matching pattern assumes importing modules from
				# "mercurial" package in the current style below, for simplicity
				#
				# from mercurial import (
				# foo,
				# bar,
				# baz
				# )
				((r'from mercurial import [(][a-z0-9, \n#]\n(?! %s,\|^[ #]*\n\|[)])'
				% ',\| *'.join(whitelist)),
				"import newer module separately in try clause for early Mercurial"
				))

				# import contrib/check-code.py as checkcode
				assert 'RUNTESTDIR' in os.environ, "use check-perf-code.py in *.t script"
				contribpath = os.path.join(os.environ['RUNTESTDIR'], '..', 'contrib')
				sys.path.insert(0, contribpath)
				checkcode = __import__('check-code')

				# register perf.py specific entry with "checks" in check-code.py
				checkcode.checks.append(('perf.py', r'contrib/perf.py$', '',
				checkcode.pyfilters, perfpypats))

				sys.exit(checkcode.main())