Mercurial > hg
annotate tests/test-newcgi.t @ 43658:0796e266d26b
dirs: resolve fuzzer OOM situation by disallowing deep directory hierarchies
It seems like 2048 directories ought to be enough for any reasonable
use of Mercurial?
A previous version of this patch scanned for slashes before any allocations
occurred. That approach is slower than this in the happy path, but much faster
than this in the case that too many slashes are encountered. We may want to
revisit it in the future using memchr() so it'll be well-optimized by the libc
we're using.
.. bc:
Mercurial will now defend against OOMs by refusing to operate on
paths with 2048 or more components. This means that _extremely_
deep path hierarchies will be rejected, but we anticipate nobody
is using hierarchies this deep.
Differential Revision: https://phab.mercurial-scm.org/D7411
author | Augie Fackler <augie@google.com> |
---|---|
date | Tue, 12 Nov 2019 10:17:59 -0500 |
parents | 9448b2e4c9fa |
children | d5cd1fd690f3 |
rev | line source |
---|---|
22046
7a9cbb315d84
tests: replace exit 80 with #require
Matt Mackall <mpm@selenic.com>
parents:
15567
diff
changeset
|
1 #require no-msys # MSYS will translate web paths as if they were file paths |
15567
8b84d040d9f9
tests: introduce 'hghave msys' to skip tests that would fail because of msys
Mads Kiilerich <mads@kiilerich.com>
parents:
13269
diff
changeset
|
2 |
12470 | 3 This tests if CGI files from after d0db3462d568 but |
4 before d74fc8dec2b4 still work. | |
5577
e0173902c813
CGI compatibility fix for d74fc8dec2b4.
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff
changeset
|
5 |
12470 | 6 $ hg init test |
7 $ cat >hgweb.cgi <<HGWEB | |
32938
b6776b34e44e
tests: use $PYTHON in #! so we always use the right Python
Augie Fackler <augie@google.com>
parents:
22046
diff
changeset
|
8 > #!$PYTHON |
12470 | 9 > # |
10 > # An example CGI script to use hgweb, edit as necessary | |
11 > | |
12 > import cgitb | |
13 > cgitb.enable() | |
14 > | |
15 > from mercurial import demandimport; demandimport.enable() | |
16 > from mercurial.hgweb import hgweb | |
17 > from mercurial.hgweb import wsgicgi | |
18 > from mercurial.hgweb.request import wsgiapplication | |
19 > | |
20 > def make_web_app(): | |
41346 | 21 > return hgweb(b"test", b"Empty test repository") |
12470 | 22 > |
23 > wsgicgi.launch(wsgiapplication(make_web_app)) | |
24 > HGWEB | |
5577
e0173902c813
CGI compatibility fix for d74fc8dec2b4.
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff
changeset
|
25 |
12470 | 26 $ chmod 755 hgweb.cgi |
5577
e0173902c813
CGI compatibility fix for d74fc8dec2b4.
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff
changeset
|
27 |
12470 | 28 $ cat >hgweb.config <<HGWEBDIRCONF |
29 > [paths] | |
30 > test = test | |
31 > HGWEBDIRCONF | |
5577
e0173902c813
CGI compatibility fix for d74fc8dec2b4.
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff
changeset
|
32 |
12470 | 33 $ cat >hgwebdir.cgi <<HGWEBDIR |
32938
b6776b34e44e
tests: use $PYTHON in #! so we always use the right Python
Augie Fackler <augie@google.com>
parents:
22046
diff
changeset
|
34 > #!$PYTHON |
12470 | 35 > # |
36 > # An example CGI script to export multiple hgweb repos, edit as necessary | |
37 > | |
38 > import cgitb | |
39 > cgitb.enable() | |
40 > | |
41 > from mercurial import demandimport; demandimport.enable() | |
42 > from mercurial.hgweb import hgwebdir | |
43 > from mercurial.hgweb import wsgicgi | |
44 > from mercurial.hgweb.request import wsgiapplication | |
45 > | |
46 > def make_web_app(): | |
41346 | 47 > return hgwebdir(b"hgweb.config") |
12470 | 48 > |
49 > wsgicgi.launch(wsgiapplication(make_web_app)) | |
50 > HGWEBDIR | |
5577
e0173902c813
CGI compatibility fix for d74fc8dec2b4.
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff
changeset
|
51 |
12470 | 52 $ chmod 755 hgwebdir.cgi |
5577
e0173902c813
CGI compatibility fix for d74fc8dec2b4.
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
diff
changeset
|
53 |
13269
aa3f726a2bdb
tests: remove duplication of the CGI environment variables
StevenGBrown
parents:
12743
diff
changeset
|
54 $ . "$TESTDIR/cgienv" |
39707
5abc47d4ca6b
tests: quote PYTHON usage
Matt Harbison <matt_harbison@yahoo.com>
parents:
33262
diff
changeset
|
55 $ "$PYTHON" hgweb.cgi > page1 |
5abc47d4ca6b
tests: quote PYTHON usage
Matt Harbison <matt_harbison@yahoo.com>
parents:
33262
diff
changeset
|
56 $ "$PYTHON" hgwebdir.cgi > page2 |
12470 | 57 |
58 $ PATH_INFO="/test/" | |
59 $ PATH_TRANSLATED="/var/something/test.cgi" | |
60 $ REQUEST_URI="/test/test/" | |
61 $ SCRIPT_URI="http://hg.omnifarious.org/test/test/" | |
62 $ SCRIPT_URL="/test/test/" | |
39707
5abc47d4ca6b
tests: quote PYTHON usage
Matt Harbison <matt_harbison@yahoo.com>
parents:
33262
diff
changeset
|
63 $ "$PYTHON" hgwebdir.cgi > page3 |
12470 | 64 |
65 $ grep -i error page1 page2 page3 | |
66 [1] |