tests/test-pull-http.t
author Augie Fackler <augie@google.com>
Wed, 12 Apr 2017 11:23:55 -0700
branchstable
changeset 32050 77eaf9539499
parent 30879 4431add9aef9
child 34661 eb586ed5d8ce
permissions -rw-r--r--
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
22046
7a9cbb315d84 tests: replace exit 80 with #require
Matt Mackall <mpm@selenic.com>
parents: 18851
diff changeset
     1
#require killdaemons
4288
8a3e12426c03 test-push-http: use printenv.py
Alexis S. L. Carvalho <alexis@cecm.usp.br>
parents: 2673
diff changeset
     2
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     3
  $ hg init test
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     4
  $ cd test
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     5
  $ echo a > a
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     6
  $ hg ci -Ama
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     7
  adding a
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     8
  $ cd ..
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
     9
  $ hg clone test test2
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    10
  updating to branch default
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    11
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    12
  $ cd test2
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    13
  $ echo a >> a
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    14
  $ hg ci -mb
2481
5c65b4e51610 add tests for push over http.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
    15
15552
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    16
Cloning with a password in the URL should not save the password in .hg/hgrc:
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    17
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    18
  $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    19
  $ cat hg.pid >> $DAEMON_PIDS
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    20
  $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    21
  requesting all changes
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    22
  adding changesets
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    23
  adding manifests
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    24
  adding file changes
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    25
  added 2 changesets with 2 changes to 1 files
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    26
  updating to branch default
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    27
  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    28
  $ cat test3/.hg/hgrc
29982
3d2ea1403c62 samplehgrcs: use single quotes in use warning
timeless <timeless@mozdev.org>
parents: 29702
diff changeset
    29
  # example repository config (see 'hg help config' for more info)
15552
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    30
  [paths]
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    31
  default = http://foo@localhost:$HGPORT/
22837
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    32
  
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    33
  # path aliases to other clones of this repo in URLs or filesystem paths
29982
3d2ea1403c62 samplehgrcs: use single quotes in use warning
timeless <timeless@mozdev.org>
parents: 29702
diff changeset
    34
  # (see 'hg help config.paths' for more info)
22837
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    35
  #
30879
4431add9aef9 ui: replace obsolete default-push with default:pushurl (issue5485)
Rishabh Madan <rishabhmadan96@gmail.com>
parents: 29982
diff changeset
    36
  # default:pushurl = ssh://jdoe@example.net/hg/jdoes-fork
4431add9aef9 ui: replace obsolete default-push with default:pushurl (issue5485)
Rishabh Madan <rishabhmadan96@gmail.com>
parents: 29982
diff changeset
    37
  # my-fork         = ssh://jdoe@example.net/hg/jdoes-fork
4431add9aef9 ui: replace obsolete default-push with default:pushurl (issue5485)
Rishabh Madan <rishabhmadan96@gmail.com>
parents: 29982
diff changeset
    38
  # my-clone        = /home/jdoe/jdoes-clone
22837
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    39
  
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    40
  [ui]
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    41
  # name and email (local to this repository, optional), e.g.
2be7d5ebd4d0 config: use the same hgrc for a cloned repo as for an uninitted repo
Jordi Gutiérrez Hermoso <jordigh@octave.org>
parents: 22645
diff changeset
    42
  # username = Jane Doe <jdoe@example.com>
25474
8c14f87bd0ae tests: drop DAEMON_PIDS from killdaemons calls
Matt Mackall <mpm@selenic.com>
parents: 25472
diff changeset
    43
  $ killdaemons.py
15552
62c9183a0bbb clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler <durin42@gmail.com>
parents: 13405
diff changeset
    44
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    45
expect error, cloning not allowed
2481
5c65b4e51610 add tests for push over http.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
    46
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    47
  $ echo '[web]' > .hg/hgrc
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    48
  $ echo 'allowpull = false' >> .hg/hgrc
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    49
  $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    50
  $ cat hg.pid >> $DAEMON_PIDS
29702
30c59bdd4f41 tests: remove all remaining usage of experimental.bundle2-exp
Pierre-Yves David <pierre-yves.david@ens-lyon.org>
parents: 29701
diff changeset
    51
  $ hg clone http://localhost:$HGPORT/ test4 # bundle2+
25372
df723a2655e9 test: use both bundle formats in test-pull-http
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 22837
diff changeset
    52
  requesting all changes
df723a2655e9 test: use both bundle formats in test-pull-http
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 22837
diff changeset
    53
  abort: authorization failed
df723a2655e9 test: use both bundle formats in test-pull-http
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 22837
diff changeset
    54
  [255]
29701
ac9b85079122 tests: use 'legacy.exchange' option in various mixed tests
Pierre-Yves David <pierre-yves.david@ens-lyon.org>
parents: 25474
diff changeset
    55
  $ hg clone http://localhost:$HGPORT/ test4 --config devel.legacy.exchange=bundle1
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    56
  abort: authorization failed
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    57
  [255]
25474
8c14f87bd0ae tests: drop DAEMON_PIDS from killdaemons calls
Matt Mackall <mpm@selenic.com>
parents: 25472
diff changeset
    58
  $ killdaemons.py
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    59
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    60
serve errors
6778
959efdac4a9c tests: add some tests for web.allowpull configurations
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 6167
diff changeset
    61
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    62
  $ cat errors.log
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    63
  $ req() {
12743
4c4aeaab2339 check-code: add 'no tab indent' check for unified tests
Adrian Buehlmann <adrian@cadifra.com>
parents: 12643
diff changeset
    64
  >     hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
4c4aeaab2339 check-code: add 'no tab indent' check for unified tests
Adrian Buehlmann <adrian@cadifra.com>
parents: 12643
diff changeset
    65
  >     cat hg.pid >> $DAEMON_PIDS
4c4aeaab2339 check-code: add 'no tab indent' check for unified tests
Adrian Buehlmann <adrian@cadifra.com>
parents: 12643
diff changeset
    66
  >     hg --cwd ../test pull http://localhost:$HGPORT/
25472
4d2b9b304ad0 tests: drop explicit $TESTDIR from executables
Matt Mackall <mpm@selenic.com>
parents: 25405
diff changeset
    67
  >     killdaemons.py hg.pid
12743
4c4aeaab2339 check-code: add 'no tab indent' check for unified tests
Adrian Buehlmann <adrian@cadifra.com>
parents: 12643
diff changeset
    68
  >     echo % serve errors
4c4aeaab2339 check-code: add 'no tab indent' check for unified tests
Adrian Buehlmann <adrian@cadifra.com>
parents: 12643
diff changeset
    69
  >     cat errors.log
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    70
  > }
6167
f53b9a383476 tests: easier hg serve error diagnosis
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 5386
diff changeset
    71
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    72
expect error, pulling not allowed
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    73
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    74
  $ req
12643
d08bb64888bc tests: reintroduce ":$HGPORT" in test output
Mads Kiilerich <mads@kiilerich.com>
parents: 12480
diff changeset
    75
  pulling from http://localhost:$HGPORT/
25391
c66d95aa1270 test: use bundle2 in test-pull-http
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 25372
diff changeset
    76
  searching for changes
12480
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    77
  abort: authorization failed
4a5048c359d7 tests: unify test-pull-http
Matt Mackall <mpm@selenic.com>
parents: 10398
diff changeset
    78
  % serve errors
16913
f2719b387380 tests: add missing trailing 'cd ..'
Mads Kiilerich <mads@kiilerich.com>
parents: 15555
diff changeset
    79
f2719b387380 tests: add missing trailing 'cd ..'
Mads Kiilerich <mads@kiilerich.com>
parents: 15555
diff changeset
    80
  $ cd ..