tests/test-bad-pull.t
author Augie Fackler <augie@google.com>
Wed, 12 Apr 2017 11:23:55 -0700
branch stable
changeset 32050 77eaf9539499
parent 29514 280528245ecf
child 32940 75be14993fda
permissions -rw-r--r--
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
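The advice above for shared-SSH front ends, sketched as an added example (this is not Mercurial's or hg-ssh's code): a forced-command wrapper checks the requested command before anything is executed. The names `check_serve_command`, `RejectedCommand`, `ALLOWED_REPOS` and the sample commands are constructed for illustration; the check goes slightly beyond the two names the commit message lists by refusing any repository name that starts with `-`.

```python
import shlex


class RejectedCommand(Exception):
    """The requested SSH command must not be executed."""


def check_serve_command(original_command, allowed_repos):
    """Return the repo path if the command is exactly
    'hg -R <repo> serve --stdio' for an allowlisted repo, else raise."""
    try:
        argv = shlex.split(original_command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise RejectedCommand("unparseable command") from exc
    # Exact shape only: no extra arguments before or after.
    if len(argv) != 5 or argv[:2] != ["hg", "-R"] or argv[3:] != ["serve", "--stdio"]:
        raise RejectedCommand("only 'hg -R <repo> serve --stdio' is permitted")
    repo = argv[2]
    # A leading '-' would let the "repository name" be parsed as an option
    # such as --debugger or --config=... instead of a path.
    if repo.startswith("-"):
        raise RejectedCommand("repository name looks like an option: %r" % repo)
    if repo not in allowed_repos:
        raise RejectedCommand("repository not in allowlist: %r" % repo)
    return repo


# Constructed sample data, not taken from any real deployment.
ALLOWED_REPOS = {"projects/app", "projects/lib"}
SAMPLE_COMMANDS = [
    "hg -R projects/app serve --stdio",
    "hg -R --debugger serve --stdio",
    "hg -R '--config=section.key=value' serve --stdio",
    "hg -R projects/app serve --stdio --debugger",
    "hg -R projects/other serve --stdio",
    "hg -R 'projects/app serve --stdio",
]


def decisions(commands=SAMPLE_COMMANDS, allowed=ALLOWED_REPOS):
    """Return [(command, accepted)] for each sample command."""
    results = []
    for cmd in commands:
        try:
            check_serve_command(cmd, allowed)
            results.append((cmd, True))
        except RejectedCommand:
            results.append((cmd, False))
    return results
```

In a real wrapper the input would come from the `SSH_ORIGINAL_COMMAND` environment variable that sshd sets for forced commands.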
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents: 22046
     1
#require serve killdaemons
15446
c5c9ca3719f9 tests: use 'hghave serve' to guard tests that requires serve daemon management
Mads Kiilerich <mads@kiilerich.com>
parents: 12376
     2
17019
5d0538599428 test-bad-pull: partially adjust for Windows
Adrian Buehlmann <adrian@cadifra.com>
parents: 16496
     3
  $ hg clone http://localhost:$HGPORT/ copy
5d0538599428 test-bad-pull: partially adjust for Windows
Adrian Buehlmann <adrian@cadifra.com>
parents: 16496
     4
  abort: * (glob)
5d0538599428 test-bad-pull: partially adjust for Windows
Adrian Buehlmann <adrian@cadifra.com>
parents: 16496
     5
  [255]
395
fbe8834923c5 commands: report http exceptions nicely
mpm@selenic.com
parents:
     6
15515
21766d5531cb tests: remove hacks for testing if file or directory exists
Mads Kiilerich <mads@kiilerich.com>
parents: 15446
     7
  $ test -d copy
21766d5531cb tests: remove hacks for testing if file or directory exists
Mads Kiilerich <mads@kiilerich.com>
parents: 15446
     8
  [1]
395
fbe8834923c5 commands: report http exceptions nicely
mpm@selenic.com
parents:
     9
22959
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents: 22046
    10
  $ python "$TESTDIR/dumbhttp.py" -p $HGPORT --pid dumb.pid
10116463b0b1 tests: pull common http server setup out of individual tests
Mike Hommey <mh@glandium.org>
parents: 22046
    11
  $ cat dumb.pid >> $DAEMON_PIDS
16334
b9bd95e61b49 tests: fix shutdown race in test-bad-pull
Matt Mackall <mpm@selenic.com>
parents: 16296
    12
  $ hg clone http://localhost:$HGPORT/foo copy2
b9bd95e61b49 tests: fix shutdown race in test-bad-pull
Matt Mackall <mpm@selenic.com>
parents: 16296
    13
  abort: HTTP Error 404: * (glob)
b9bd95e61b49 tests: fix shutdown race in test-bad-pull
Matt Mackall <mpm@selenic.com>
parents: 16296
    14
  [255]
25474
8c14f87bd0ae tests: drop DAEMON_PIDS from killdaemons calls
Matt Mackall <mpm@selenic.com>
parents: 25472
    15
  $ killdaemons.py