upstream/mercurial-mirror Files · contrib/debugcmdserver.py

server: ensure the incoming request falls under the prefix value...

server: ensure the incoming request falls under the prefix value Prior to this, the first test asserted in wsgiref.validate.check_environ() saying PATH didn't start with '/', but the second test served up the repo. The assertion was just added in this cycle (though the value of PATH is still wrong without the assertion). Allowing access to the repo at any URL outside of the prefix is a long standing bug. This also affected hgwebdir, at least when used via --subrepo. Paths are not being canonicalized, so accesses to things like 'foo/../bar' will get tossed out here, unless the prefix also matches.

Pulkit Goyal - - Load All Authors

File last commit:

r28353:cd03fbd5 default


                r37288:7de7bd40

4.5.3 stable

Download file

             debugcmdserver.py
        
                    49 lines
            
             | 1.2 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / contrib / debugcmdserver.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #!/usr/bin/env python

      #

      # Dumps output generated by Mercurial's command server in a formatted style to a

      # given file or stderr if '-' is specified. Output is also written in its raw

      # format to stdout.

      #

      # $ ./hg serve --cmds pipe | ./contrib/debugcmdserver.py -

      # o, 52   -> 'capabilities: getencoding runcommand\nencoding: UTF-8'

      from __future__ import absolute_import, print_function

      import struct

      import sys

      if len(sys.argv) != 2:

          print('usage: debugcmdserver.py FILE')

          sys.exit(1)

      outputfmt = '>cI'

      outputfmtsize = struct.calcsize(outputfmt)

      if sys.argv[1] == '-':

          log = sys.stderr

      else:

          log = open(sys.argv[1], 'a')

      def read(size):

          data = sys.stdin.read(size)

          if not data:

              raise EOFError

          sys.stdout.write(data)

          sys.stdout.flush()

          return data

      try:

          while True:

              header = read(outputfmtsize)

              channel, length = struct.unpack(outputfmt, header)

              log.write('%s, %-4d' % (channel, length))

              if channel in 'IL':

                  log.write(' -> waiting for input\n')

              else:

                  data = read(length)

                  log.write(' -> %r\n' % data)

              log.flush()

      except EOFError:

          pass

      finally:

          if log != sys.stderr:

              log.close()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#!/usr/bin/env python
				#
				# Dumps output generated by Mercurial's command server in a formatted style to a
				# given file or stderr if '-' is specified. Output is also written in its raw
				# format to stdout.
				#
				# $ ./hg serve --cmds pipe \| ./contrib/debugcmdserver.py -
				# o, 52 -> 'capabilities: getencoding runcommand\nencoding: UTF-8'

				from __future__ import absolute_import, print_function
				import struct
				import sys

				if len(sys.argv) != 2:
				print('usage: debugcmdserver.py FILE')
				sys.exit(1)

				outputfmt = '>cI'
				outputfmtsize = struct.calcsize(outputfmt)

				if sys.argv[1] == '-':
				log = sys.stderr
				else:
				log = open(sys.argv[1], 'a')

				def read(size):
				data = sys.stdin.read(size)
				if not data:
				raise EOFError
				sys.stdout.write(data)
				sys.stdout.flush()
				return data

				try:
				while True:
				header = read(outputfmtsize)
				channel, length = struct.unpack(outputfmt, header)
				log.write('%s, %-4d' % (channel, length))
				if channel in 'IL':
				log.write(' -> waiting for input\n')
				else:
				data = read(length)
				log.write(' -> %r\n' % data)
				log.flush()
				except EOFError:
				pass
				finally:
				if log != sys.stderr:
				log.close()