Mercurial Mercurial > mercurial / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-audit-path.t
author Gregory Szorc <gregory.szorc@gmail.com>
Sun, 26 Jun 2016 19:34:48 -0700
branchstable
changeset 29452 26a5d605b868
parent 27234 15c6eb0a51bd
child 33632 0134d839444b
permissions -rw-r--r--
sslutil: synchronize hostname matching logic with CPython sslutil contains its own hostname matching logic. CPython has code for the same intent. However, it is only available to Python 2.7.9+ (or distributions that have backported 2.7.9's ssl module improvements). This patch effectively imports CPython's hostname matching code from its ssl.py into sslutil.py. The hostname matching code itself is pretty similar. However, the DNS name matching code is much more robust and spec conformant. As the test changes show, this changes some behavior around wildcard handling and IDNA matching. The new behavior allows wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com') This is spec compliant according to RFC 6125 Section 6.5.3 item 3. There is one test where the matcher is more strict. Before, '*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking this is a security vulnerability.

  $ hg init

audit of .hg

  $ hg add .hg/00changelog.i
  abort: path contains illegal component: .hg/00changelog.i (glob)
  [255]

#if symlink

Symlinks

  $ mkdir a
  $ echo a > a/a
  $ hg ci -Ama
  adding a/a
  $ ln -s a b
  $ echo b > a/b
  $ hg add b/b
  abort: path 'b/b' traverses symbolic link 'b' (glob)
  [255]
  $ hg add b

should still fail - maybe

  $ hg add b/b
  abort: path 'b/b' traverses symbolic link 'b' (glob)
  [255]

  $ hg commit -m 'add symlink b'


Test symlink traversing when accessing history:
-----------------------------------------------

(build a changeset where the path exists as a directory)

  $ hg up 0
  0 files updated, 0 files merged, 1 files removed, 0 files unresolved
  $ mkdir b
  $ echo c > b/a
  $ hg add b/a
  $ hg ci -m 'add directory b'
  created new head

Test that hg cat does not do anything wrong the working copy has 'b' as directory

  $ hg cat b/a
  c
  $ hg cat -r "desc(directory)" b/a
  c
  $ hg cat -r "desc(symlink)" b/a
  b/a: no such file in rev bc151a1f53bd
  [1]

Test that hg cat does not do anything wrong the working copy has 'b' as a symlink (issue4749)

  $ hg up 'desc(symlink)'
  1 files updated, 0 files merged, 1 files removed, 0 files unresolved
  $ hg cat b/a
  b/a: no such file in rev bc151a1f53bd
  [1]
  $ hg cat -r "desc(directory)" b/a
  c
  $ hg cat -r "desc(symlink)" b/a
  b/a: no such file in rev bc151a1f53bd
  [1]

#endif


unbundle tampered bundle

  $ hg init target
  $ cd target
  $ hg unbundle "$TESTDIR/bundles/tampered.hg"
  adding changesets
  adding manifests
  adding file changes
  added 5 changesets with 6 changes to 6 files (+4 heads)
  (run 'hg heads' to see heads, 'hg merge' to merge)

attack .hg/test

  $ hg manifest -r0
  .hg/test
  $ hg update -Cr0
  abort: path contains illegal component: .hg/test (glob)
  [255]

attack foo/.hg/test

  $ hg manifest -r1
  foo/.hg/test
  $ hg update -Cr1
  abort: path 'foo/.hg/test' is inside nested repo 'foo' (glob)
  [255]

attack back/test where back symlinks to ..

  $ hg manifest -r2
  back
  back/test
#if symlink
  $ hg update -Cr2
  abort: path 'back/test' traverses symbolic link 'back'
  [255]
#else
('back' will be a file and cause some other system specific error)
  $ hg update -Cr2
  abort: * (glob)
  [255]
#endif

attack ../test

  $ hg manifest -r3
  ../test
  $ hg update -Cr3
  abort: path contains illegal component: ../test (glob)
  [255]

attack /tmp/test

  $ hg manifest -r4
  /tmp/test
  $ hg update -Cr4
  abort: path contains illegal component: /tmp/test (glob)
  [255]

  $ cd ..
mercurial