convert: test for shell injection in git calls (SEC)...
convert: test for shell injection in git calls (SEC)

CVE-2016-3069 (5/5)

Before the recent refactoring we were not escaping calls to git at all, which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

File last commit:

r28451:c90cfe76 default
r28663:ae279d4a 3.7.3 stable
dumbhttp.py
55 lines | 1.7 KiB | text/x-python | PythonLexer
#!/usr/bin/env python
from __future__ import absolute_import
"""
Small and dumb HTTP server for use in tests.
"""
import optparse
import BaseHTTPServer
import signal
import SimpleHTTPServer
import sys
from mercurial import (
cmdutil,
)
# Short alias for optparse.OptionParser; the __main__ block below builds the
# command-line parser through this name.
OptionParser = optparse.OptionParser
class simplehttpservice(object):
    """Hold one (host, port) address and the HTTP server created for it.

    Setup is split in two steps: the constructor only records the address,
    ``init`` creates the server object and ``run`` serves requests.

    Requests are answered by ``SimpleHTTPServer.SimpleHTTPRequestHandler``,
    which serves files from the process's current working directory and
    performs no authentication.  Keep the address on a loopback or otherwise
    isolated interface and start the server from a directory that holds
    test fixtures only.
    """

    def __init__(self, host, port):
        """Record where to listen; no socket is created here."""
        listen_on = (host, port)
        self.address = listen_on

    def init(self):
        """Create the HTTP server for the stored address as ``self.httpd``."""
        handlercls = SimpleHTTPServer.SimpleHTTPRequestHandler
        self.httpd = BaseHTTPServer.HTTPServer(self.address, handlercls)

    def run(self):
        """Enter the server's request loop; ``init`` must have run first."""
        # self.httpd is only assigned by init(), so calling run() on a fresh
        # object fails with AttributeError.
        httpd = self.httpd
        httpd.serve_forever()
if __name__ == '__main__':
    # Command-line front end of the test server.
    #
    # The default host is 'localhost'.  The request handler used by
    # simplehttpservice serves the current working directory without
    # authentication, so passing -H with a non-loopback address exposes that
    # directory to whoever can reach the port.
    parser = OptionParser()
    parser.add_option(
        '-p', '--port',
        dest='port',
        type='int',
        default=8000,
        help='TCP port to listen on',
        metavar='PORT',
    )
    parser.add_option(
        '-H', '--host',
        dest='host',
        default='localhost',
        help='hostname or IP to listen on',
        metavar='HOST',
    )
    parser.add_option(
        '--pid',
        dest='pid',
        help='file name where the PID of the server is stored',
    )
    parser.add_option(
        '-f', '--foreground',
        dest='foreground',
        action='store_true',
        help='do not start the HTTP server in the background',
    )
    # Undocumented option that is handed straight to cmdutil.service below.
    # NOTE(review): presumably set by the daemonizing parent for its child;
    # confirm against mercurial.cmdutil.
    parser.add_option('--daemon-pipefds')

    parsed = parser.parse_args()
    options = parsed[0]

    def _exitonsigterm(signum, frame):
        # Turn SIGTERM into a normal exit with status 0.
        sys.exit(0)

    signal.signal(signal.SIGTERM, _exitonsigterm)

    if options.foreground and options.pid:
        parser.error("options --pid and --foreground are mutually exclusive")

    serviceopts = dict(
        pid_file=options.pid,
        daemon=not options.foreground,
        daemon_pipefds=options.daemon_pipefds,
    )

    service = simplehttpservice(options.host, options.port)

    # runargs repeats this script's own command line (interpreter, file,
    # original arguments).
    # NOTE(review): presumably cmdutil.service uses it to re-launch the
    # script as the background process; confirm.
    relaunch = [sys.executable, __file__] + sys.argv[1:]
    cmdutil.service(serviceopts, initfn=service.init, runfn=service.run,
                    runargs=relaunch)