Mercurial Mercurial > hg-stable / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-revlog.t
author Matt Harbison <matt_harbison@yahoo.com>
Sat, 31 Mar 2018 15:20:43 -0400
changeset 37250 dfb38c4850a9
parent 36514 71d1bbf1617e
child 37284 009d0283de5f
permissions -rw-r--r--
lfs: add an experimental knob to disable blob serving The use case here is the server admin may want to store the blobs elsewhere. As it stands now, the `lfs.url` config on the client side is all that enforces this (the web.allow-* permissions aren't able to block LFS blobs without also blocking normal hg traffic). The real solution to this is to implement the 'verify' action on the client and server, but that's not a near term goal. Whether this is useful in its own right, and should be promoted out of experimental at some point is TBD. Since the other two tests that deal with LFS and `hg serve` are already complex and have #testcases, this seems like a good time to start a new test dedicated to access checks against the server. Instead of conditionally wrapping the wire protocol handler, I put this in the handler because I'd still like to bring the annotations in from the evolve extension in order to set up the wrapping. The 400 status probably isn't great, but that's what it would be for existing `hg serve` instances without support for serving blobs.

  $ hg init empty-repo
  $ cd empty-repo

Flags on revlog version 0 are rejected

  >>> with open('.hg/store/00changelog.i', 'wb') as fh:
  ...     fh.write(b'\x00\x01\x00\x00')

  $ hg log
  abort: unknown flags (0x01) in version 0 revlog 00changelog.i!
  [255]

Unknown flags on revlog version 1 are rejected

  >>> with open('.hg/store/00changelog.i', 'wb') as fh:
  ...     fh.write(b'\x00\x04\x00\x01')

  $ hg log
  abort: unknown flags (0x04) in version 1 revlog 00changelog.i!
  [255]

Unknown version is rejected

  >>> with open('.hg/store/00changelog.i', 'wb') as fh:
  ...     fh.write(b'\x00\x00\x00\x02')

  $ hg log
  abort: unknown version (2) in revlog 00changelog.i!
  [255]

  $ cd ..

Test for CVE-2016-3630

  $ hg init

  >>> open("a.i", "wb").write(
  ... b"""eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
  ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
  ... .decode("base64").decode("zlib"))

  $ hg debugindex a.i
     rev    offset  length  delta linkrev nodeid       p1           p2
       0         0      19     -1       2 99e0332bd498 000000000000 000000000000
       1        19      12      0       3 6674f57a23d8 99e0332bd498 000000000000
  $ hg debugdata a.i 1 2>&1 | egrep 'Error:.*decoded'
  (mercurial\.\w+\.mpatch\.)?mpatchError: patch cannot be decoded (re)
hg-stable