upstream/mercurial-mirror Files · tests/test-bundle2-pushback.t

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...

dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

Pierre-Yves David - - Load All Authors

File last commit:

r29672:622782ea default


                r32050:77eaf953

4.1.3 stable

Download file

             test-bundle2-pushback.t
        
                    109 lines
            
             | 2.6 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-bundle2-pushback.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

        $ cat > bundle2.py << EOF

        > """A small extension to test bundle2 pushback parts.

        > Current bundle2 implementation doesn't provide a way to generate those

        > parts, so they must be created by extensions.

        > """

        > from mercurial import bundle2, pushkey, exchange, util

        > def _newhandlechangegroup(op, inpart):

        >     """This function wraps the changegroup part handler for getbundle.

        >     It issues an additional pushkey part to send a new

        >     bookmark back to the client"""

        >     result = bundle2.handlechangegroup(op, inpart)

        >     if 'pushback' in op.reply.capabilities:

        >         params = {'namespace': 'bookmarks',

        >                   'key': 'new-server-mark',

        >                   'old': '',

        >                   'new': 'tip'}

        >         encodedparams = [(k, pushkey.encode(v)) for (k,v) in params.items()]

        >         op.reply.newpart('pushkey', mandatoryparams=encodedparams)

        >     else:

        >         op.reply.newpart('output', data='pushback not enabled')

        >     return result

        > _newhandlechangegroup.params = bundle2.handlechangegroup.params

        > bundle2.parthandlermapping['changegroup'] = _newhandlechangegroup

        > EOF

        $ cat >> $HGRCPATH <<EOF

        > [ui]

        > ssh = python "$TESTDIR/dummyssh"

        > username = nobody <no.reply@example.com>

        > 

        > [alias]

        > tglog = log -G -T "{desc} [{phase}:{node|short}]"

        > EOF

      Set up server repository

        $ hg init server

        $ cd server

        $ echo c0 > f0

        $ hg commit -Am 0

        adding f0

      Set up client repository

        $ cd ..

        $ hg clone ssh://user@dummy/server client -q

        $ cd client

      Enable extension

        $ cat >> $HGRCPATH <<EOF

        > [extensions]

        > bundle2=$TESTTMP/bundle2.py

        > EOF

      Without config

        $ cd ../client

        $ echo c1 > f1

        $ hg commit -Am 1

        adding f1

        $ hg push

        pushing to ssh://user@dummy/server

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        remote: pushback not enabled

        $ hg bookmark

        no bookmarks set

        $ cd ../server

        $ hg tglog

        o  1 [public:2b9c7234e035]

        |

        @  0 [public:6cee5c8f3e5b]

      With config

        $ cd ../client

        $ echo '[experimental]' >> .hg/hgrc

        $ echo 'bundle2.pushback = True' >> .hg/hgrc

        $ echo c2 > f2

        $ hg commit -Am 2

        adding f2

        $ hg push

        pushing to ssh://user@dummy/server

        searching for changes

        remote: adding changesets

        remote: adding manifests

        remote: adding file changes

        remote: added 1 changesets with 1 changes to 1 files

        $ hg bookmark

           new-server-mark           2:0a76dfb2e179

        $ cd ../server

        $ hg tglog

        o  2 [public:0a76dfb2e179]

        |

        o  1 [public:2b9c7234e035]

        |

        @  0 [public:6cee5c8f3e5b]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				$ cat > bundle2.py << EOF
				> """A small extension to test bundle2 pushback parts.
				> Current bundle2 implementation doesn't provide a way to generate those
				> parts, so they must be created by extensions.
				> """
				> from mercurial import bundle2, pushkey, exchange, util
				> def _newhandlechangegroup(op, inpart):
				> """This function wraps the changegroup part handler for getbundle.
				> It issues an additional pushkey part to send a new
				> bookmark back to the client"""
				> result = bundle2.handlechangegroup(op, inpart)
				> if 'pushback' in op.reply.capabilities:
				> params = {'namespace': 'bookmarks',
				> 'key': 'new-server-mark',
				> 'old': '',
				> 'new': 'tip'}
				> encodedparams = [(k, pushkey.encode(v)) for (k,v) in params.items()]
				> op.reply.newpart('pushkey', mandatoryparams=encodedparams)
				> else:
				> op.reply.newpart('output', data='pushback not enabled')
				> return result
				> _newhandlechangegroup.params = bundle2.handlechangegroup.params
				> bundle2.parthandlermapping['changegroup'] = _newhandlechangegroup
				> EOF

				$ cat >> $HGRCPATH <<EOF
				> [ui]
				> ssh = python "$TESTDIR/dummyssh"
				> username = nobody <no.reply@example.com>
				>
				> [alias]
				> tglog = log -G -T "{desc} [{phase}:{node\|short}]"
				> EOF

				Set up server repository

				$ hg init server
				$ cd server
				$ echo c0 > f0
				$ hg commit -Am 0
				adding f0

				Set up client repository

				$ cd ..
				$ hg clone ssh://user@dummy/server client -q
				$ cd client

				Enable extension
				$ cat >> $HGRCPATH <<EOF
				> [extensions]
				> bundle2=$TESTTMP/bundle2.py
				> EOF

				Without config

				$ cd ../client
				$ echo c1 > f1
				$ hg commit -Am 1
				adding f1
				$ hg push
				pushing to ssh://user@dummy/server
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				remote: pushback not enabled
				$ hg bookmark
				no bookmarks set

				$ cd ../server
				$ hg tglog
				o 1 [public:2b9c7234e035]
				\|
				@ 0 [public:6cee5c8f3e5b]




				With config

				$ cd ../client
				$ echo '[experimental]' >> .hg/hgrc
				$ echo 'bundle2.pushback = True' >> .hg/hgrc
				$ echo c2 > f2
				$ hg commit -Am 2
				adding f2
				$ hg push
				pushing to ssh://user@dummy/server
				searching for changes
				remote: adding changesets
				remote: adding manifests
				remote: adding file changes
				remote: added 1 changesets with 1 changes to 1 files
				$ hg bookmark
				new-server-mark 2:0a76dfb2e179

				$ cd ../server
				$ hg tglog
				o 2 [public:0a76dfb2e179]
				\|
				o 1 [public:2b9c7234e035]
				\|
				@ 0 [public:6cee5c8f3e5b]