annotate mercurial/policy.py @ 33650:0b3fe3910ef5 stable
util: add utility method to check for bad ssh urls (SEC)
Our use of SSH passes the first part of a URL blindly to the ssh client as a
hostname. Prior to this set of security patches, a URL whose host part began
with '-oProxyCommand' could therefore run arbitrary code on a user's machine,
because ssh treats a leading '-' as an option rather than a host. In addition,
at least on Windows, a pipe '|' in the host part can be abused to execute
arbitrary commands in a similar fashion.
We defend against this by checking ssh:// URLs for a hostname that starts
with '-' or contains '|'. When one is found, abort loudly rather than quietly
rewriting or skipping the URL, so that the user can inspect what is going on.
author | Sean Farley <sean@farley.io> |
date | Fri, 28 Jul 2017 16:32:25 -0700 |
parents | 3f5d675fddf4 |
children | cd2aca0808f8 |
1 # policy.py - module policy logic for Mercurial. |
2 # |
3 # Copyright 2015 Gregory Szorc <gregory.szorc@gmail.com> |
4 # |
5 # This software may be used and distributed according to the terms of the |
6 # GNU General Public License version 2 or any later version. |
8 from __future__ import absolute_import |
10 import os |
11 import sys |
# Rules for how modules can be loaded. Values are:
#
#    c - require C extensions
#    allow - allow pure Python implementation when C loading fails
#    cffi - require the cffi implementations (the cffi package next to this
#           module)
#    cffi-allow - allow pure Python implementation if cffi version is missing
#    py - only load pure Python modules
#
# These are exactly the keys of _packageprefs below. importmod() rejects any
# other value with ImportError, so a mistyped or unexpected policy never
# silently changes which implementation gets loaded.
#
# By default, fall back to the pure modules so the in-place build can
# run without recompiling the C extensions. This default is overridden, in
# order, by __modulepolicy__ generated by setup.py, by the interpreter
# checks further down (PyPy, Python 3) and finally by the HGMODULEPOLICY
# environment variable.
policy = b'allow'
_packageprefs = {
    # policy: (versioned package, pure package)
    #
    # importmod() imports from the versioned package first and checks its
    # API version; the pure package, when one is listed, is the fallback
    # taken on ImportError. A None entry disables that half: b'c' and
    # b'cffi' never fall back, b'py' never tries a versioned package.
    # Both package names are resolved relative to this module.
    b'c': (r'cext', None),
    b'allow': (r'cext', r'pure'),
    b'cffi': (r'cffi', None),
    b'cffi-allow': (r'cffi', r'pure'),
    b'py': (None, r'pure'),
}
# setup.py generates __modulepolicy__ into the package at build time; an
# in-place checkout has no such module, in which case the default above is
# kept.
try:
    from . import __modulepolicy__
    # NOTE(review): the attribute read stays inside the try on purpose --
    # with a lazy importer the ImportError may only surface here, on first
    # use of the module, rather than at the import statement. Confirm before
    # moving this line to an else: clause.
    policy = __modulepolicy__.modulepolicy
except ImportError:
    pass
# PyPy cannot load our CPython C extensions, so steer it at the cffi
# implementations instead.
#
# The canonical check is platform.python_implementation(), but we avoid
# importing platform here just for that and look for PyPy's '__pypy__'
# builtin module instead.
if r'__pypy__' in sys.builtin_module_names:
    policy = b'cffi'

# The C extensions are not yet Python 3 compatible, so Python 3 always gets
# the pure modules for now (this also overrides the PyPy choice above).
if sys.version_info[0] >= 3:
    policy = b'py'

# HGMODULEPOLICY in the environment always wins over the defaults above.
# policy is kept as bytes, so the (unicode) Python 3 value is encoded.
# The value is not validated here: importmod() looks it up in the fixed
# _packageprefs table and raises ImportError for anything unknown, so an
# arbitrary value cannot steer the import anywhere else.
if r'HGMODULEPOLICY' in os.environ:
    policy = os.environ[r'HGMODULEPOLICY']
    if sys.version_info[0] >= 3:
        policy = policy.encode(r'utf-8')
def _importfrom(pkgname, modname):
    """Import ``modname`` from the sibling package ``pkgname``.

    Equivalent to ``from .<pkgname> import <modname>`` resolved relative to
    this module (``level=1`` with this module's globals). Callers pass only
    the fixed package names listed in ``_packageprefs``.

    Raises ImportError (never AttributeError) when the package has no such
    submodule, so importmod() can treat every failure uniformly.
    """
    # from .<pkgname> import <modname> (where . is looked through this module)
    fakelocals = {}
    pkg = __import__(pkgname, globals(), fakelocals, [modname], level=1)
    try:
        fakelocals[modname] = mod = getattr(pkg, modname)
    except AttributeError:
        raise ImportError(r'cannot import name %s' % modname)
    # force import; fakelocals[modname] may be replaced with the real module
    # NOTE(review): the attribute read below has no use of its own; it
    # presumably makes a lazy import proxy load the real module, which then
    # rewrites fakelocals[modname] -- hence the dict lookup in the return
    # rather than returning `mod` directly. Confirm before simplifying.
    getattr(mod, r'__doc__', None)
    return fakelocals[modname]
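# keep in sync with "version" in C modules
#
# API version expected from each compiled module, keyed by (package, module).
# _checkmod() refuses a module whose "version" attribute differs, so e.g. a
# stale build of the extensions is not used silently. At this revision only
# the cext modules carry a pinned version.
_cextversions = {
    (r'cext', r'base85'): 1,
    (r'cext', r'bdiff'): 1,
    (r'cext', r'diffhelpers'): 1,
    (r'cext', r'mpatch'): 1,
    (r'cext', r'osutil'): 1,
    (r'cext', r'parsers'): 1,
}

def _checkmod(pkgname, modname, mod):
    """Verify that ``mod`` exposes the API version pinned for it.

    ``expected`` is the ``_cextversions`` entry (None when no version is
    pinned for this module) and ``actual`` the module's ``version``
    attribute (None when it has none); they must match exactly.

    Raises ImportError on a mismatch. That is the exception importmod()
    catches to fall back to the pure module, so nothing else may escape from
    here: both values are formatted with %r because ``expected`` can be
    None for an unpinned module, and a "%d" conversion of None would turn
    the mismatch into a TypeError that bypasses the fallback.
    """
    expected = _cextversions.get((pkgname, modname))
    actual = getattr(mod, r'version', None)
    if actual != expected:
        raise ImportError(r'cannot import module %s.%s '
                          r'(expected version: %r, actual: %r)'
                          % (pkgname, modname, expected, actual))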
def importmod(modname):
    """Import ``modname`` according to ``policy`` and check its API version.

    ``policy`` selects, through ``_packageprefs``, a versioned package (cext
    or cffi) and/or the pure package. The versioned module is tried first
    and its API version checked with _checkmod(); if either step raises
    ImportError the pure module is imported instead, but only when the
    policy lists a pure fallback. Otherwise the ImportError propagates.

    The policy value (which may come straight from HGMODULEPOLICY) is used
    only as a key into the fixed ``_packageprefs`` table, so an unknown
    value cannot steer the import anywhere else: it raises ImportError.
    """
    if policy not in _packageprefs:
        raise ImportError(r'invalid HGMODULEPOLICY %r' % policy)
    verpkg, purepkg = _packageprefs[policy]
    # every table entry names at least one package to try
    assert verpkg or purepkg
    if not verpkg:
        return _importfrom(purepkg, modname)
    try:
        mod = _importfrom(verpkg, modname)
        # a version mismatch is an ImportError too, so it also falls back
        _checkmod(verpkg, modname, mod)
    except ImportError:
        if not purepkg:
            raise
        return _importfrom(purepkg, modname)
    return mod