##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
Matt Harbison - - Load All Authors

File last commit:

r26950:6686ae52 default
r32050:77eaf953 4.1.3 stable
Show More
test-tools.t
110 lines | 2.8 KiB | text/troff | Tads3Lexer
/ tests / test-tools.t
History | Annotation | Raw |Copy content |Copy permalink
Tests of the file helper tool
$ f -h
?sage: f [options] [filenames] (glob)
?ptions: (glob)
-h, --help show this help message and exit
-t, --type show file type (file or directory)
-m, --mode show file mode
-l, --links show number of links
-s, --size show size of file
-n NEWER, --newer=NEWER
check if file is newer (or same)
-r, --recurse recurse into directories
-S, --sha1 show sha1 hash of the content
-M, --md5 show md5 hash of the content
-D, --dump dump file content
-H, --hexdump hexdump file content
-B BYTES, --bytes=BYTES
number of characters to dump
-L LINES, --lines=LINES
number of lines to dump
-q, --quiet no default output
$ mkdir dir
$ cd dir
$ f --size
size=0
$ echo hello | f --md5 --size
size=6, md5=b1946ac92492d2347c6235b4d2611184
$ f foo
foo: file not found
$ echo foo > foo
$ f foo
foo:
#if symlink
$ f foo --mode
foo: mode=644
#endif
#if no-windows
$ python $TESTDIR/seq.py 10 > bar
#else
Convert CRLF -> LF for consistency
$ python $TESTDIR/seq.py 10 | sed "s/$//" > bar
#endif
#if unix-permissions symlink
$ chmod +x bar
$ f bar --newer foo --mode --type --size --dump --links --bytes 7
bar: file, size=21, mode=755, links=1, newer than foo
>>>
1
2
3
4
<<< no trailing newline
#endif
#if unix-permissions
$ ln bar baz
$ f bar -n baz -l --hexdump -t --sha1 --lines=9 -B 20
bar: file, links=2, newer than baz, sha1=612ca68d0305c821750a
0000: 31 0a 32 0a 33 0a 34 0a 35 0a 36 0a 37 0a 38 0a |1.2.3.4.5.6.7.8.|
0010: 39 0a |9.|
$ rm baz
#endif
#if unix-permissions symlink
$ ln -s yadda l
$ f . --recurse -MStmsB4
.: directory with 3 files, mode=755
./bar: file, size=21, mode=755, md5=3b03, sha1=612c
./foo: file, size=4, mode=644, md5=d3b0, sha1=f1d2
./l: link, size=5, md5=2faa, sha1=af93
#endif
$ f --quiet bar -DL 3
1
2
3
$ cd ..
Yadda is a symlink
#if symlink
$ f -qr dir -HB 17
dir: directory with 3 files
dir/bar:
0000: 31 0a 32 0a 33 0a 34 0a 35 0a 36 0a 37 0a 38 0a |1.2.3.4.5.6.7.8.|
0010: 39 |9|
dir/foo:
0000: 66 6f 6f 0a |foo.|
dir/l:
0000: 79 61 64 64 61 |yadda|
#else
$ f -qr dir -HB 17
dir: directory with 2 files (esc)
dir/bar: (glob)
0000: 31 0a 32 0a 33 0a 34 0a 35 0a 36 0a 37 0a 38 0a |1.2.3.4.5.6.7.8.|
0010: 39 |9|
dir/foo: (glob)
0000: 66 6f 6f 0a |foo.|
#endif