Mercurial > hg
annotate tests/hgweberror.py @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
| author | Blake Burkhart <bburky@bburky.com> |
|---|---|
| date | Wed, 06 Apr 2016 22:57:46 -0500 |
| parents | 74e6de99ce7f |
| children | 3d60a22e27f5 |
| rev | line source |
|---|---|
|
23409
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
1 # A dummy extension that installs an hgweb command that throws an Exception. |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
2 |
|
27299
74e6de99ce7f
tests: use absolute_import in hgweberror.py
Gregory Szorc <gregory.szorc@gmail.com>
parents:
23409
diff
changeset
|
3 from __future__ import absolute_import |
|
74e6de99ce7f
tests: use absolute_import in hgweberror.py
Gregory Szorc <gregory.szorc@gmail.com>
parents:
23409
diff
changeset
|
4 |
|
74e6de99ce7f
tests: use absolute_import in hgweberror.py
Gregory Szorc <gregory.szorc@gmail.com>
parents:
23409
diff
changeset
|
5 from mercurial.hgweb import ( |
|
74e6de99ce7f
tests: use absolute_import in hgweberror.py
Gregory Szorc <gregory.szorc@gmail.com>
parents:
23409
diff
changeset
|
6 webcommands, |
|
74e6de99ce7f
tests: use absolute_import in hgweberror.py
Gregory Szorc <gregory.szorc@gmail.com>
parents:
23409
diff
changeset
|
7 ) |
|
23409
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
8 |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
9 def raiseerror(web, req, tmpl): |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
10 '''Dummy web command that raises an uncaught Exception.''' |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
11 |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
12 # Simulate an error after partial response. |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
13 if 'partialresponse' in req.form: |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
14 req.respond(200, 'text/plain') |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
15 req.write('partial content\n') |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
16 |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
17 raise AttributeError('I am an uncaught error!') |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
18 |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
19 def extsetup(ui): |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
20 setattr(webcommands, 'raiseerror', raiseerror) |
|
dc4d2cd3aa3e
hgweb: send proper HTTP response after uncaught exception
Gregory Szorc <gregory.szorc@gmail.com>
parents:
diff
changeset
|
21 webcommands.__all__.append('raiseerror') |