Mercurial Mercurial > hg-stable / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-audit-path.t
author Gregory Szorc <gregory.szorc@gmail.com>
Tue, 10 Apr 2018 14:29:15 -0700
changeset 37557 734515aca84d
parent 37421 9984488550ea
child 39497 89630d0b3e23
permissions -rw-r--r--
wireproto: define and implement HTTP handshake to upgrade protocol When clients connect to repositories over HTTP, they issue a request to the well-known URL "?cmd=capabilities" to fetch the repository capabilities. This is the handshake portion of the HTTP protocol. This commit defines a mechanism to use that HTTP request to return information about modern server features. If a client sends an X-HgUpgrade-* header containing a list of client-supported API names, the server responds with a response containing information about available services. This includes the normal capabilities string. So if the server doesn't support any newer services, the client can easily fall back. By advertising supported services from clients, server operators can see and log what client support exists in the wild. This will also help with debugging. The response contains the base path to API services. We know there are potential issues with the <repo>/api/ URL space conflicting with hgwebdir and subrepos. By making the API URL dynamic from the perspective of the client, the URL for APIs is not subject to backwards compatibility concerns - at least as long as a ?cmd=capabilities request is made. We've also defined the ``cbor`` client capability for the X-HgProto-* header. This MUST be sent in order to get the modern response from "?cmd=capabilities". During implementation, I initially always sent an application/mercurial-cbor response. However, the handshake mechanism will be more future compatible if the client is in charge of which formats to request. We already perform content negotiation from X-HgProto-*, so keying off this for the capabilities response feels appropriate. In addition, I initially used application/cbor. However, it is conceivable that a non-Mercurial server could serve application/cbor. To rule out this possibility, I've invented a new media type that is Mercurial specific and can't be confused for generic CBOR. Differential Revision: https://phab.mercurial-scm.org/D3242

The simple store doesn't escape paths robustly and can't store paths
with periods, etc. So much of this test fails with it.
#require no-reposimplestore

  $ hg init

audit of .hg

  $ hg add .hg/00changelog.i
  abort: path contains illegal component: .hg/00changelog.i
  [255]

#if symlink

Symlinks

  $ mkdir a
  $ echo a > a/a
  $ hg ci -Ama
  adding a/a
  $ ln -s a b
  $ echo b > a/b
  $ hg add b/b
  abort: path 'b/b' traverses symbolic link 'b'
  [255]
  $ hg add b

should still fail - maybe

  $ hg add b/b
  abort: path 'b/b' traverses symbolic link 'b'
  [255]

  $ hg commit -m 'add symlink b'


Test symlink traversing when accessing history:
-----------------------------------------------

(build a changeset where the path exists as a directory)

  $ hg up 0
  0 files updated, 0 files merged, 1 files removed, 0 files unresolved
  $ mkdir b
  $ echo c > b/a
  $ hg add b/a
  $ hg ci -m 'add directory b'
  created new head

Test that hg cat does not do anything wrong the working copy has 'b' as directory

  $ hg cat b/a
  c
  $ hg cat -r "desc(directory)" b/a
  c
  $ hg cat -r "desc(symlink)" b/a
  b/a: no such file in rev bc151a1f53bd
  [1]

Test that hg cat does not do anything wrong the working copy has 'b' as a symlink (issue4749)

  $ hg up 'desc(symlink)'
  1 files updated, 0 files merged, 1 files removed, 0 files unresolved
  $ hg cat b/a
  b/a: no such file in rev bc151a1f53bd
  [1]
  $ hg cat -r "desc(directory)" b/a
  c
  $ hg cat -r "desc(symlink)" b/a
  b/a: no such file in rev bc151a1f53bd
  [1]

#endif


unbundle tampered bundle

  $ hg init target
  $ cd target
  $ hg unbundle "$TESTDIR/bundles/tampered.hg"
  adding changesets
  adding manifests
  adding file changes
  added 5 changesets with 6 changes to 6 files (+4 heads)
  new changesets b7da9bf6b037:fc1393d727bc
  (run 'hg heads' to see heads, 'hg merge' to merge)

attack .hg/test

  $ hg manifest -r0
  .hg/test
  $ hg update -Cr0
  abort: path contains illegal component: .hg/test
  [255]

attack foo/.hg/test

  $ hg manifest -r1
  foo/.hg/test
  $ hg update -Cr1
  abort: path 'foo/.hg/test' is inside nested repo 'foo'
  [255]

attack back/test where back symlinks to ..

  $ hg manifest -r2
  back
  back/test
#if symlink
  $ hg update -Cr2
  abort: path 'back/test' traverses symbolic link 'back'
  [255]
#else
('back' will be a file and cause some other system specific error)
  $ hg update -Cr2
  abort: $TESTTMP/target/back/test: $ENOTDIR$
  [255]
#endif

attack ../test

  $ hg manifest -r3
  ../test
  $ mkdir ../test
  $ echo data > ../test/file
  $ hg update -Cr3
  abort: path contains illegal component: ../test
  [255]
  $ cat ../test/file
  data

attack /tmp/test

  $ hg manifest -r4
  /tmp/test
  $ hg update -Cr4
  abort: path contains illegal component: /tmp/test
  [255]

  $ cd ..

Test symlink traversal on merge:
--------------------------------

#if symlink

set up symlink hell

  $ mkdir merge-symlink-out
  $ hg init merge-symlink
  $ cd merge-symlink
  $ touch base
  $ hg commit -qAm base
  $ ln -s ../merge-symlink-out a
  $ hg commit -qAm 'symlink a -> ../merge-symlink-out'
  $ hg up -q 0
  $ mkdir a
  $ touch a/poisoned
  $ hg commit -qAm 'file a/poisoned'
  $ hg log -G -T '{rev}: {desc}\n'
  @  2: file a/poisoned
  |
  | o  1: symlink a -> ../merge-symlink-out
  |/
  o  0: base
  

try trivial merge

  $ hg up -qC 1
  $ hg merge 2
  abort: path 'a/poisoned' traverses symbolic link 'a'
  [255]

try rebase onto other revision: cache of audited paths should be discarded,
and the rebase should fail (issue5628)

  $ hg up -qC 2
  $ hg rebase -s 2 -d 1 --config extensions.rebase=
  rebasing 2:e73c21d6b244 "file a/poisoned" (tip)
  abort: path 'a/poisoned' traverses symbolic link 'a'
  [255]
  $ ls ../merge-symlink-out

  $ cd ..

Test symlink traversal on update:
---------------------------------

  $ mkdir update-symlink-out
  $ hg init update-symlink
  $ cd update-symlink
  $ ln -s ../update-symlink-out a
  $ hg commit -qAm 'symlink a -> ../update-symlink-out'
  $ hg rm a
  $ mkdir a && touch a/b
  $ hg ci -qAm 'file a/b' a/b
  $ hg up -qC 0
  $ hg rm a
  $ mkdir a && touch a/c
  $ hg ci -qAm 'rm a, file a/c'
  $ hg log -G -T '{rev}: {desc}\n'
  @  2: rm a, file a/c
  |
  | o  1: file a/b
  |/
  o  0: symlink a -> ../update-symlink-out
  

try linear update where symlink already exists:

  $ hg up -qC 0
  $ hg up 1
  abort: path 'a/b' traverses symbolic link 'a'
  [255]

try linear update including symlinked directory and its content: paths are
audited first by calculateupdates(), where no symlink is created so both
'a' and 'a/b' are taken as good paths. still applyupdates() should fail.

  $ hg up -qC null
  $ hg up 1
  abort: path 'a/b' traverses symbolic link 'a'
  [255]
  $ ls ../update-symlink-out

try branch update replacing directory with symlink, and its content: the
path 'a' is audited as a directory first, which should be audited again as
a symlink.

  $ rm -f a
  $ hg up -qC 2
  $ hg up 1
  abort: path 'a/b' traverses symbolic link 'a'
  [255]
  $ ls ../update-symlink-out

  $ cd ..

#endif
hg-stable