upstream/mercurial-mirror Files · tests/test-profile.t

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...

dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

Gregory Szorc - - Load All Authors

File last commit:

r30845:262c2be8 stable


                r32050:77eaf953

4.1.3 stable

Download file

             test-profile.t
        
                    101 lines
            
             | 2.5 KiB
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-profile.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      test --time

        $ hg --time help -q help 2>&1 | grep time > /dev/null

        $ hg init a

        $ cd a

      #if lsprof

      test --profile

        $ prof='hg --config profiling.type=ls --profile'

        $ $prof st 2>../out

        $ grep CallCount ../out > /dev/null || cat ../out

        $ $prof --config profiling.output=../out st

        $ grep CallCount ../out > /dev/null || cat ../out

        $ $prof --config profiling.output=blackbox --config extensions.blackbox= st

        $ grep CallCount .hg/blackbox.log > /dev/null || cat .hg/blackbox.log

        $ $prof --config profiling.format=text st 2>../out

        $ grep CallCount ../out > /dev/null || cat ../out

        $ echo "[profiling]" >> $HGRCPATH

        $ echo "format=kcachegrind" >> $HGRCPATH

        $ $prof st 2>../out

        $ grep 'events: Ticks' ../out > /dev/null || cat ../out

        $ $prof --config profiling.output=../out st

        $ grep 'events: Ticks' ../out > /dev/null || cat ../out

      #endif

      #if lsprof serve

      Profiling of HTTP requests works

        $ $prof --config profiling.format=text --config profiling.output=../profile.log serve -d -p $HGPORT --pid-file ../hg.pid -A ../access.log

        $ cat ../hg.pid >> $DAEMON_PIDS

        $ hg -q clone -U http://localhost:$HGPORT ../clone

      A single profile is logged because file logging doesn't append

        $ grep CallCount ../profile.log | wc -l

        \s*1 (re)

      #endif

      Install an extension that can sleep and guarantee a profiler has time to run

        $ cat >> sleepext.py << EOF

        > import time

        > from mercurial import cmdutil, commands

        > cmdtable = {}

        > command = cmdutil.command(cmdtable)

        > @command('sleep', [], 'hg sleep')

        > def sleep(ui, *args, **kwargs):

        >     time.sleep(0.1)

        > EOF

        $ cat >> $HGRCPATH << EOF

        > [extensions]

        > sleep = `pwd`/sleepext.py

        > EOF

      statistical profiler works

        $ hg --profile sleep 2>../out

        $ grep Sample ../out

        Sample count: \d+ (re)

      Various statprof formatters work

        $ hg --profile --config profiling.statformat=byline sleep 2>../out

        $ head -n 1 ../out

          %   cumulative      self          

        $ grep Sample ../out

        Sample count: \d+ (re)

        $ hg --profile --config profiling.statformat=bymethod sleep 2>../out

        $ head -n 1 ../out

          %   cumulative      self          

        $ grep Sample ../out

        Sample count: \d+ (re)

        $ hg --profile --config profiling.statformat=hotpath sleep 2>../out

        $ grep Sample ../out

        Sample count: \d+ (re)

        $ hg --profile --config profiling.statformat=json sleep 2>../out

        $ cat ../out

        \[\[\d+.* (re)

      statprof can be used as a standalone module

        $ $PYTHON -m mercurial.statprof hotpath

        must specify --file to load

        [1]

        $ cd ..

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				test --time

				$ hg --time help -q help 2>&1 \| grep time > /dev/null
				$ hg init a
				$ cd a

				#if lsprof

				test --profile

				$ prof='hg --config profiling.type=ls --profile'

				$ $prof st 2>../out
				$ grep CallCount ../out > /dev/null \|\| cat ../out

				$ $prof --config profiling.output=../out st
				$ grep CallCount ../out > /dev/null \|\| cat ../out

				$ $prof --config profiling.output=blackbox --config extensions.blackbox= st
				$ grep CallCount .hg/blackbox.log > /dev/null \|\| cat .hg/blackbox.log

				$ $prof --config profiling.format=text st 2>../out
				$ grep CallCount ../out > /dev/null \|\| cat ../out

				$ echo "[profiling]" >> $HGRCPATH
				$ echo "format=kcachegrind" >> $HGRCPATH

				$ $prof st 2>../out
				$ grep 'events: Ticks' ../out > /dev/null \|\| cat ../out

				$ $prof --config profiling.output=../out st
				$ grep 'events: Ticks' ../out > /dev/null \|\| cat ../out

				#endif

				#if lsprof serve

				Profiling of HTTP requests works

				$ $prof --config profiling.format=text --config profiling.output=../profile.log serve -d -p $HGPORT --pid-file ../hg.pid -A ../access.log
				$ cat ../hg.pid >> $DAEMON_PIDS
				$ hg -q clone -U http://localhost:$HGPORT ../clone

				A single profile is logged because file logging doesn't append
				$ grep CallCount ../profile.log \| wc -l
				\s*1 (re)

				#endif

				Install an extension that can sleep and guarantee a profiler has time to run

				$ cat >> sleepext.py << EOF
				> import time
				> from mercurial import cmdutil, commands
				> cmdtable = {}
				> command = cmdutil.command(cmdtable)
				> @command('sleep', [], 'hg sleep')
				> def sleep(ui, args, *kwargs):
				> time.sleep(0.1)
				> EOF

				$ cat >> $HGRCPATH << EOF
				> [extensions]
				> sleep = `pwd`/sleepext.py
				> EOF

				statistical profiler works

				$ hg --profile sleep 2>../out
				$ grep Sample ../out
				Sample count: \d+ (re)

				Various statprof formatters work

				$ hg --profile --config profiling.statformat=byline sleep 2>../out
				$ head -n 1 ../out
				% cumulative self
				$ grep Sample ../out
				Sample count: \d+ (re)

				$ hg --profile --config profiling.statformat=bymethod sleep 2>../out
				$ head -n 1 ../out
				% cumulative self
				$ grep Sample ../out
				Sample count: \d+ (re)

				$ hg --profile --config profiling.statformat=hotpath sleep 2>../out
				$ grep Sample ../out
				Sample count: \d+ (re)

				$ hg --profile --config profiling.statformat=json sleep 2>../out
				$ cat ../out
				\[\[\d+.* (re)

				statprof can be used as a standalone module

				$ $PYTHON -m mercurial.statprof hotpath
				must specify --file to load
				[1]

				$ cd ..