annotate mercurial/policy.py @ 33650:0b3fe3910ef5 stable

util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
author Sean Farley <sean@farley.io>
date Fri, 28 Jul 2017 16:32:25 -0700
parents 3f5d675fddf4
children cd2aca0808f8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
29266
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
1 # policy.py - module policy logic for Mercurial.
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
2 #
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
3 # Copyright 2015 Gregory Szorc <gregory.szorc@gmail.com>
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
4 #
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
5 # This software may be used and distributed according to the terms of the
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
6 # GNU General Public License version 2 or any later version.
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
7
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
8 from __future__ import absolute_import
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
9
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
10 import os
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
11 import sys
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
12
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
13 # Rules for how modules can be loaded. Values are:
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
14 #
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
15 # c - require C extensions
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
16 # allow - allow pure Python implementation when C loading fails
29490
b4d117cee636 policy: add cffi policy for PyPy
Maciej Fijalkowski <fijall@gmail.com>
parents: 29266
diff changeset
17 # cffi - required cffi versions (implemented within pure module)
b4d117cee636 policy: add cffi policy for PyPy
Maciej Fijalkowski <fijall@gmail.com>
parents: 29266
diff changeset
18 # cffi-allow - allow pure Python implementation if cffi version is missing
29266
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
19 # py - only load pure Python modules
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
20 #
32251
a04f5c651e52 policy: relax the default for in-place build
Yuya Nishihara <yuya@tcha.org>
parents: 32210
diff changeset
21 # By default, fall back to the pure modules so the in-place build can
a04f5c651e52 policy: relax the default for in-place build
Yuya Nishihara <yuya@tcha.org>
parents: 32210
diff changeset
22 # run without recompiling the C extensions. This will be overridden by
a04f5c651e52 policy: relax the default for in-place build
Yuya Nishihara <yuya@tcha.org>
parents: 32210
diff changeset
23 # __modulepolicy__ generated by setup.py.
a04f5c651e52 policy: relax the default for in-place build
Yuya Nishihara <yuya@tcha.org>
parents: 32210
diff changeset
24 policy = b'allow'
32366
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
25 _packageprefs = {
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
26 # policy: (versioned package, pure package)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
27 b'c': (r'cext', None),
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
28 b'allow': (r'cext', r'pure'),
32512
0e8b0b9a7acc cffi: split modules from pure
Yuya Nishihara <yuya@tcha.org>
parents: 32511
diff changeset
29 b'cffi': (r'cffi', None),
0e8b0b9a7acc cffi: split modules from pure
Yuya Nishihara <yuya@tcha.org>
parents: 32511
diff changeset
30 b'cffi-allow': (r'cffi', r'pure'),
32366
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
31 b'py': (None, r'pure'),
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
32 }
29490
b4d117cee636 policy: add cffi policy for PyPy
Maciej Fijalkowski <fijall@gmail.com>
parents: 29266
diff changeset
33
29266
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
34 try:
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
35 from . import __modulepolicy__
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
36 policy = __modulepolicy__.modulepolicy
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
37 except ImportError:
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
38 pass
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
39
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
40 # PyPy doesn't load C extensions.
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
41 #
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
42 # The canonical way to do this is to test platform.python_implementation().
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
43 # But we don't import platform and don't bloat for it here.
32210
56148133ef36 policy: mark all string literals as sysstr or bytes
Yuya Nishihara <yuya@tcha.org>
parents: 31361
diff changeset
44 if r'__pypy__' in sys.builtin_module_names:
56148133ef36 policy: mark all string literals as sysstr or bytes
Yuya Nishihara <yuya@tcha.org>
parents: 31361
diff changeset
45 policy = b'cffi'
29266
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
46
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
47 # Our C extensions aren't yet compatible with Python 3. So use pure Python
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
48 # on Python 3 for now.
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
49 if sys.version_info[0] >= 3:
31308
62939e0148f1 policy: try and always have a bytes for module policy
Augie Fackler <raf@durin42.com>
parents: 29490
diff changeset
50 policy = b'py'
29266
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
51
b3a677c82a35 debuginstall: expose modulepolicy
timeless <timeless@mozdev.org>
parents:
diff changeset
52 # Environment variable can always force settings.
31361
8a17c541177f py3: add "b" prefix to string literals related to module policy
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 31308
diff changeset
53 if sys.version_info[0] >= 3:
32210
56148133ef36 policy: mark all string literals as sysstr or bytes
Yuya Nishihara <yuya@tcha.org>
parents: 31361
diff changeset
54 if r'HGMODULEPOLICY' in os.environ:
56148133ef36 policy: mark all string literals as sysstr or bytes
Yuya Nishihara <yuya@tcha.org>
parents: 31361
diff changeset
55 policy = os.environ[r'HGMODULEPOLICY'].encode(r'utf-8')
31361
8a17c541177f py3: add "b" prefix to string literals related to module policy
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 31308
diff changeset
56 else:
32210
56148133ef36 policy: mark all string literals as sysstr or bytes
Yuya Nishihara <yuya@tcha.org>
parents: 31361
diff changeset
57 policy = os.environ.get(r'HGMODULEPOLICY', policy)
32366
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
58
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
59 def _importfrom(pkgname, modname):
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
60 # from .<pkgname> import <modname> (where . is looked through this module)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
61 fakelocals = {}
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
62 pkg = __import__(pkgname, globals(), fakelocals, [modname], level=1)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
63 try:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
64 fakelocals[modname] = mod = getattr(pkg, modname)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
65 except AttributeError:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
66 raise ImportError(r'cannot import name %s' % modname)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
67 # force import; fakelocals[modname] may be replaced with the real module
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
68 getattr(mod, r'__doc__', None)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
69 return fakelocals[modname]
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
70
32428
28b773aa3ff2 policy: define C module versions individually
Jun Wu <quark@fb.com>
parents: 32366
diff changeset
71 # keep in sync with "version" in C modules
28b773aa3ff2 policy: define C module versions individually
Jun Wu <quark@fb.com>
parents: 32366
diff changeset
72 _cextversions = {
32511
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
73 (r'cext', r'base85'): 1,
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
74 (r'cext', r'bdiff'): 1,
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
75 (r'cext', r'diffhelpers'): 1,
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
76 (r'cext', r'mpatch'): 1,
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
77 (r'cext', r'osutil'): 1,
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
78 (r'cext', r'parsers'): 1,
32428
28b773aa3ff2 policy: define C module versions individually
Jun Wu <quark@fb.com>
parents: 32366
diff changeset
79 }
28b773aa3ff2 policy: define C module versions individually
Jun Wu <quark@fb.com>
parents: 32366
diff changeset
80
32366
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
81 def _checkmod(pkgname, modname, mod):
32511
2e431fb98c6b policy: extend API version checks for cffi
Yuya Nishihara <yuya@tcha.org>
parents: 32428
diff changeset
82 expected = _cextversions.get((pkgname, modname))
32366
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
83 actual = getattr(mod, r'version', None)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
84 if actual != expected:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
85 raise ImportError(r'cannot import module %s.%s '
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
86 r'(expected version: %d, actual: %r)'
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
87 % (pkgname, modname, expected, actual))
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
88
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
89 def importmod(modname):
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
90 """Import module according to policy and check API version"""
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
91 try:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
92 verpkg, purepkg = _packageprefs[policy]
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
93 except KeyError:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
94 raise ImportError(r'invalid HGMODULEPOLICY %r' % policy)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
95 assert verpkg or purepkg
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
96 if verpkg:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
97 try:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
98 mod = _importfrom(verpkg, modname)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
99 _checkmod(verpkg, modname, mod)
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
100 return mod
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
101 except ImportError:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
102 if not purepkg:
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
103 raise
8e0327dae3f4 policy: add helper to import cext/pure module
Yuya Nishihara <yuya@tcha.org>
parents: 32251
diff changeset
104 return _importfrom(purepkg, modname)