tests/test-hgweb-csp.t
procutils: don't try to get `.buffer` if sys.stdin is None
While hunting down following test failure of test-chg.t on Python 3, I stumbled
the case when `.buffer` is not available as sys.stdin is None.
--- /home/pulkit/repo/hg-committed/tests/test-chg.t
+++ /home/pulkit/repo/hg-committed/tests/test-chg.t.err
@@ -203,7 +203,31 @@
$ CHGDEBUG=1 chg version -q 0<&-
chg: debug: * stdio fds are missing (glob)
chg: debug: * execute original hg (glob)
- Mercurial Distributed SCM * (glob)
+ Traceback (most recent call last):
+ File "/tmp/hgtests.avspvsq4/install/bin/hg", line 43, in <module>
+ dispatch.run()
+ File "/usr/lib/python3.6/importlib/util.py", line 233, in
__getattribute__
+ self.__spec__.loader.exec_module(self)
+ File "<frozen importlib._bootstrap_external>", line 678, in
exec_module
+ File "<frozen importlib._bootstrap>", line 219, in
_call_with_frames_removed
+ File
"/tmp/hgtests.avspvsq4/install/lib/python/mercurial/dispatch.py", line
726, in <module>
+ class lazyaliasentry(object):
+ File
"/tmp/hgtests.avspvsq4/install/lib/python/mercurial/dispatch.py", line
737, in lazyaliasentry
+ @util.propertycache
+ File "/usr/lib/python3.6/importlib/util.py", line 233, in
__getattribute__
+ self.__spec__.loader.exec_module(self)
+ File "<frozen importlib._bootstrap_external>", line 678, in
exec_module
+ File "<frozen importlib._bootstrap>", line 219, in
_call_with_frames_removed
+ File "/tmp/hgtests.avspvsq4/install/lib/python/mercurial/util.py",
line 3473, in <module>
+ f=procutil.stderr,
+ File "/usr/lib/python3.6/importlib/util.py", line 233, in
__getattribute__
+ self.__spec__.loader.exec_module(self)
+ File "<frozen importlib._bootstrap_external>", line 678, in
exec_module
+ File "<frozen importlib._bootstrap>", line 219, in
_call_with_frames_removed
+ File
"/tmp/hgtests.avspvsq4/install/lib/python/mercurial/utils/procutil.py",
line 127, in <module>
+ stdin = sys.stdin.buffer
+ AttributeError: 'NoneType' object has no attribute 'buffer'
+ [1]
server lifecycle
----------------
Differential Revision: https://phab.mercurial-scm.org/D9500
#require serve
$ cat > web.conf << EOF
> [paths]
> / = $TESTTMP/*
> EOF
$ hg init repo1
$ cd repo1
$ touch foo
$ hg -q commit -A -m initial
$ cd ..
$ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf
$ cat hg.pid >> $DAEMON_PIDS
repo index should not send Content-Security-Policy header by default
$ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag
200 Script output follows
static page should not send CSP by default
$ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
200 Script output follows
repo page should not send CSP by default, should send ETag
$ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag
200 Script output follows
etag: W/"*" (glob)
$ killdaemons.py
Configure CSP without nonce
$ cat >> web.conf << EOF
> [web]
> csp = script-src https://example.com/ 'unsafe-inline'
> EOF
$ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf
$ cat hg.pid > $DAEMON_PIDS
repo index should send Content-Security-Policy header when enabled
$ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag
200 Script output follows
content-security-policy: script-src https://example.com/ 'unsafe-inline'
static page should send CSP when enabled
$ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
200 Script output follows
content-security-policy: script-src https://example.com/ 'unsafe-inline'
$ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy
200 Script output follows
content-security-policy: script-src https://example.com/ 'unsafe-inline'
304 Not Modified
content-security-policy: script-src https://example.com/ 'unsafe-inline'
repo page should send CSP by default, include etag w/o nonce
$ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag
200 Script output follows
content-security-policy: script-src https://example.com/ 'unsafe-inline'
etag: W/"*" (glob)
nonce should not be added to html if CSP doesn't use it
$ get-with-headers.py localhost:$HGPORT repo1/graph/tip | egrep 'content-security-policy|<script'
<script type="text/javascript" src="/repo1/static/mercurial.js"></script>
<script type="text/javascript">
<script type="text/javascript">
Configure CSP with nonce
$ killdaemons.py
$ cat >> web.conf << EOF
> csp = image-src 'self'; script-src https://example.com/ 'nonce-%nonce%'
> EOF
$ hg serve -p $HGPORT -d --pid-file=hg.pid --web-conf web.conf
$ cat hg.pid > $DAEMON_PIDS
nonce should be substituted in CSP header
$ get-with-headers.py --headeronly localhost:$HGPORT '' content-security-policy etag
200 Script output follows
content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
nonce should be included in CSP for static pages
$ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
200 Script output follows
content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
repo page should have nonce, no ETag
$ get-with-headers.py --headeronly localhost:$HGPORT repo1 content-security-policy etag
200 Script output follows
content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
nonce should be added to html when used
$ get-with-headers.py localhost:$HGPORT repo1/graph/tip content-security-policy | egrep 'content-security-policy|<script'
content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
<script type="text/javascript" src="/repo1/static/mercurial.js"></script>
<script type="text/javascript" nonce="*"> (glob)
<script type="text/javascript" nonce="*"> (glob)
hgweb_mod w/o hgwebdir works as expected
$ killdaemons.py
$ hg serve -R repo1 -p $HGPORT -d --pid-file=hg.pid --config "web.csp=image-src 'self'; script-src https://example.com/ 'nonce-%nonce%'"
$ cat hg.pid > $DAEMON_PIDS
static page sends CSP
$ get-with-headers.py --headeronly localhost:$HGPORT static/mercurial.js content-security-policy etag
200 Script output follows
content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
nonce included in <script> and headers
$ get-with-headers.py localhost:$HGPORT graph/tip content-security-policy | egrep 'content-security-policy|<script'
content-security-policy: image-src 'self'; script-src https://example.com/ 'nonce-*' (glob)
<script type="text/javascript" src="/static/mercurial.js"></script>
<script type="text/javascript" nonce="*"> (glob)
<script type="text/javascript" nonce="*"> (glob)