# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1536687367 25200
# Node ID 55eea29833d24742951df3e642db58ab24914235
# Parent  0d572769046a2bf9aa823550a1aa3a58e3c3c2dd
narrow: validate patterns returned by expandnarrow

Remotes could supply malicious or invalid patterns. We should
validate them as soon as possible.

Differential Revision: https://phab.mercurial-scm.org/D4523

diff -r 0d572769046a -r 55eea29833d2 hgext/narrow/narrowcommands.py
--- a/hgext/narrow/narrowcommands.py	Tue Sep 11 15:25:35 2018 -0700
+++ b/hgext/narrow/narrowcommands.py	Tue Sep 11 10:36:07 2018 -0700
@@ -71,7 +71,15 @@
         includepats, excludepats, heads)
     pullop.repo.ui.debug('Expanded narrowspec to inc=%s, exc=%s\n' % (
         includepats, excludepats))
-    return set(includepats), set(excludepats)
+
+    includepats = set(includepats)
+    excludepats = set(excludepats)
+
+    # Nefarious remote could supply unsafe patterns. Validate them.
+    narrowspec.validatepatterns(includepats)
+    narrowspec.validatepatterns(excludepats)
+
+    return includepats, excludepats
 
 def clonenarrowcmd(orig, ui, repo, *args, **opts):
     """Wraps clone command, so 'hg clone' first wraps localrepo.clone()."""