upstream/mercurial-mirror Files · hgext/highlight/highlight.py

sslutil: issue warning when [hostfingerprint] is used...

sslutil: issue warning when [hostfingerprint] is used Mercurial 3.9 added the [hostsecurity] section, which is better than [hostfingerprints] in every way. One of the ways that [hostsecurity] is better is that it supports SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints. The world is moving away from SHA-1 because it is borderline secure. Mercurial should be part of that movement. This patch adds a warning when a valid SHA-1 fingerprint from the [hostfingerprints] section is being used. The warning informs users to switch to [hostsecurity]. It even prints the config option they should set. It uses the SHA-256 fingerprint because recommending a SHA-1 fingerprint in 2017 would be ill-advised. The warning will print itself on every connection to a server until it is fixed. There is no way to suppress the warning. I admit this is annoying. But given the security implications of sticking with SHA-1, I think this is justified. If this patch is accepted, I'll likely send a follow-up to start warning on SHA-1 certificates in [hostsecurity] as well. Then sometime down the road, we can drop support for SHA-1 fingerprints. Credit for this idea comes from timeless in issue 5466.

Pulkit Goyal - - Load All Authors

File last commit:

r29485:6a98f940 default


                r31290:f819aa9d

default

Download file

             highlight.py
        
                    88 lines
            
             | 2.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / highlight / highlight.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # highlight.py - highlight extension implementation file

      #

      #  Copyright 2007-2009 Adam Hupp <adam@hupp.org> and others

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      #

      # The original module was split in an interface and an implementation

      # file to defer pygments loading and speedup extension setup.

      from __future__ import absolute_import

      import pygments

      import pygments.formatters

      import pygments.lexers

      import pygments.util

      from mercurial import demandimport

      demandimport.ignore.extend(['pkgutil', 'pkg_resources', '__main__'])

      from mercurial import (

          encoding,

          util,

      )

      highlight = pygments.highlight

      ClassNotFound = pygments.util.ClassNotFound

      guess_lexer = pygments.lexers.guess_lexer

      guess_lexer_for_filename = pygments.lexers.guess_lexer_for_filename

      TextLexer = pygments.lexers.TextLexer

      HtmlFormatter = pygments.formatters.HtmlFormatter

      SYNTAX_CSS = ('\n<link rel="stylesheet" href="{url}highlightcss" '

                    'type="text/css" />')

      def pygmentize(field, fctx, style, tmpl, guessfilenameonly=False):

          # append a <link ...> to the syntax highlighting css

          old_header = tmpl.load('header')

          if SYNTAX_CSS not in old_header:

              new_header = old_header + SYNTAX_CSS

              tmpl.cache['header'] = new_header

          text = fctx.data()

          if util.binary(text):

              return

          # str.splitlines() != unicode.splitlines() because "reasons"

          for c in "\x0c\x1c\x1d\x1e":

              if c in text:

                  text = text.replace(c, '')

          # Pygments is best used with Unicode strings:

          # <http://pygments.org/docs/unicode/>

          text = text.decode(encoding.encoding, 'replace')

          # To get multi-line strings right, we can't format line-by-line

          try:

              lexer = guess_lexer_for_filename(fctx.path(), text[:1024],

                                               stripnl=False)

          except (ClassNotFound, ValueError):

              # guess_lexer will return a lexer if *any* lexer matches. There is

              # no way to specify a minimum match score. This can give a high rate of

              # false positives on files with an unknown filename pattern.

              if guessfilenameonly:

                  return

              try:

                  lexer = guess_lexer(text[:1024], stripnl=False)

              except (ClassNotFound, ValueError):

                  # Don't highlight unknown files

                  return

          # Don't highlight text files

          if isinstance(lexer, TextLexer):

              return

          formatter = HtmlFormatter(nowrap=True, style=style)

          colorized = highlight(text, lexer, formatter)

          coloriter = (s.encode(encoding.encoding, 'replace')

                       for s in colorized.splitlines())

          tmpl.filters['colorize'] = lambda x: next(coloriter)

          oldl = tmpl.cache[field]

          newl = oldl.replace('line|escape', 'line|colorize')

          tmpl.cache[field] = newl

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# highlight.py - highlight extension implementation file
				#
				# Copyright 2007-2009 Adam Hupp <adam@hupp.org> and others
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.
				#
				# The original module was split in an interface and an implementation
				# file to defer pygments loading and speedup extension setup.

				from __future__ import absolute_import

				import pygments
				import pygments.formatters
				import pygments.lexers
				import pygments.util

				from mercurial import demandimport
				demandimport.ignore.extend(['pkgutil', 'pkg_resources', '__main__'])

				from mercurial import (
				encoding,
				util,
				)

				highlight = pygments.highlight
				ClassNotFound = pygments.util.ClassNotFound
				guess_lexer = pygments.lexers.guess_lexer
				guess_lexer_for_filename = pygments.lexers.guess_lexer_for_filename
				TextLexer = pygments.lexers.TextLexer
				HtmlFormatter = pygments.formatters.HtmlFormatter

				SYNTAX_CSS = ('\n<link rel="stylesheet" href="{url}highlightcss" '
				'type="text/css" />')

				def pygmentize(field, fctx, style, tmpl, guessfilenameonly=False):

				# append a <link ...> to the syntax highlighting css
				old_header = tmpl.load('header')
				if SYNTAX_CSS not in old_header:
				new_header = old_header + SYNTAX_CSS
				tmpl.cache['header'] = new_header

				text = fctx.data()
				if util.binary(text):
				return

				# str.splitlines() != unicode.splitlines() because "reasons"
				for c in "\x0c\x1c\x1d\x1e":
				if c in text:
				text = text.replace(c, '')

				# Pygments is best used with Unicode strings:
				# <http://pygments.org/docs/unicode/>
				text = text.decode(encoding.encoding, 'replace')

				# To get multi-line strings right, we can't format line-by-line
				try:
				lexer = guess_lexer_for_filename(fctx.path(), text[:1024],
				stripnl=False)
				except (ClassNotFound, ValueError):
				# guess_lexer will return a lexer if any lexer matches. There is
				# no way to specify a minimum match score. This can give a high rate of
				# false positives on files with an unknown filename pattern.
				if guessfilenameonly:
				return

				try:
				lexer = guess_lexer(text[:1024], stripnl=False)
				except (ClassNotFound, ValueError):
				# Don't highlight unknown files
				return

				# Don't highlight text files
				if isinstance(lexer, TextLexer):
				return

				formatter = HtmlFormatter(nowrap=True, style=style)

				colorized = highlight(text, lexer, formatter)
				coloriter = (s.encode(encoding.encoding, 'replace')
				for s in colorized.splitlines())

				tmpl.filters['colorize'] = lambda x: next(coloriter)

				oldl = tmpl.cache[field]
				newl = oldl.replace('line\|escape', 'line\|colorize')
				tmpl.cache[field] = newl