Mercurial Mercurial > mercurial / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/hgweberror.py
author Yuya Nishihara <yuya@tcha.org>
Mon, 07 Aug 2017 22:22:28 +0900
branchstable
changeset 33660 3fee7f7d2da0
parent 27299 74e6de99ce7f
child 36865 3d60a22e27f5
permissions -rw-r--r--
ssh: unban the use of pipe character in user@host:port string This vulnerability was fixed by the previous patch and there were more ways to exploit than using '|shellcmd'. So it doesn't make sense to reject only pipe character. Test cases are updated to actually try to exploit the bug. As the SSH bridge of git/svn subrepos are not managed by our code, the tests for non-hg subrepos are just removed. This may be folded into the original patches.

# A dummy extension that installs an hgweb command that throws an Exception.

from __future__ import absolute_import

from mercurial.hgweb import (
    webcommands,
)

def raiseerror(web, req, tmpl):
    '''Dummy web command that raises an uncaught Exception.'''

    # Simulate an error after partial response.
    if 'partialresponse' in req.form:
        req.respond(200, 'text/plain')
        req.write('partial content\n')

    raise AttributeError('I am an uncaught error!')

def extsetup(ui):
    setattr(webcommands, 'raiseerror', raiseerror)
    webcommands.__all__.append('raiseerror')
mercurial