tests/hgweberror.py
author Gregory Szorc <gregory.szorc@gmail.com>
Fri, 31 Mar 2017 21:47:26 -0700
changeset 31790 62f9679df1f2
parent 27299 74e6de99ce7f
child 36865 3d60a22e27f5
permissions -rw-r--r--
hgweb: extract path traversal checking into standalone function A common exploit in web applications that access paths is to insert path separator strings like ".." to try to get the server to serve up files it shouldn't. We have code for detecting this in staticfile(). A subsequent commit will need to perform this test as well. Since this is security code, let's factor the check so we don't have to reinvent the wheel.
# A dummy extension that installs an hgweb command that throws an Exception.
from __future__ import absolute_import
from mercurial.hgweb import (
    webcommands,
)
def raiseerror(web, req, tmpl):
    '''Test-only web command that always fails with an uncaught exception.

    The command exists so tests can observe how hgweb reports an error
    that no handler catches. ``web`` and ``tmpl`` are accepted to match
    the web command signature but are not used here.

    If the request form contains the key ``partialresponse``, a
    ``200 text/plain`` response is started and one line of body is
    written before the failure, so the error is raised after output has
    already been sent.

    Raises:
        AttributeError: unconditionally.
    '''
    # Only the presence of the form key matters; its value is never read.
    partial = 'partialresponse' in req.form
    if partial:
        # Status and body go out first: the later failure can then no
        # longer be turned into a clean error status by the server.
        req.respond(200, 'text/plain')
        req.write('partial content\n')

    raise AttributeError('I am an uncaught error!')
def extsetup(ui):
    '''Install the ``raiseerror`` command on the hgweb ``webcommands`` module.

    The function is attached as the attribute ``raiseerror`` and the name
    is appended to ``webcommands.__all__``. ``ui`` is not used.

    NOTE(review): this adds a command that always raises, so the
    extension belongs in the test suite only -- presumably hgweb treats
    names in ``__all__`` as callable commands; confirm against hgweb.
    '''
    command = 'raiseerror'
    # Attribute assignment; same effect as setattr() with a constant name.
    webcommands.raiseerror = raiseerror
    webcommands.__all__.append(command)