Mercurial > hg
annotate tests/test-hgwebdir-paths.py @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
author | Blake Burkhart <bburky@bburky.com> |
---|---|
date | Wed, 06 Apr 2016 22:57:46 -0500 |
parents | 4eac86331acb |
children | d83ca854fa21 |
rev | line source |
---|---|
28932
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
1 from __future__ import absolute_import |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
2 |
8529
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
3 import os |
28932
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
4 from mercurial import ( |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
5 hg, |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
6 ui as uimod, |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
7 ) |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
8 from mercurial.hgweb import ( |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
9 hgwebdir_mod, |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
10 ) |
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
11 hgwebdir = hgwebdir_mod.hgwebdir |
8529
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
12 |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
13 os.mkdir('webdir') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
14 os.chdir('webdir') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
15 |
15381
c519cd8f0169
backout dbdb777502dc (issue3077) (issue3071)
Matt Mackall <mpm@selenic.com>
parents:
15355
diff
changeset
|
16 webdir = os.path.realpath('.') |
8529
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
17 |
28932
4eac86331acb
tests: make test-hgwebdir-paths use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
15381
diff
changeset
|
18 u = uimod.ui() |
8529
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
19 hg.repository(u, 'a', create=1) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
20 hg.repository(u, 'b', create=1) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
21 os.chdir('b') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
22 hg.repository(u, 'd', create=1) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
23 os.chdir('..') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
24 hg.repository(u, 'c', create=1) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
25 os.chdir('..') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
26 |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
27 paths = {'t/a/': '%s/a' % webdir, |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
28 'b': '%s/b' % webdir, |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
29 'coll': '%s/*' % webdir, |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
30 'rcoll': '%s/**' % webdir} |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
31 |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
32 config = os.path.join(webdir, 'hgwebdir.conf') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
33 configfile = open(config, 'w') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
34 configfile.write('[paths]\n') |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
35 for k, v in paths.items(): |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
36 configfile.write('%s = %s\n' % (k, v)) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
37 configfile.close() |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
38 |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
39 confwd = hgwebdir(config) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
40 dictwd = hgwebdir(paths) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
41 |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
42 assert len(confwd.repos) == len(dictwd.repos), 'different numbers' |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
43 assert len(confwd.repos) == 9, 'expected 9 repos, found %d' % len(confwd.repos) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
44 |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
45 found = dict(confwd.repos) |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
46 for key, path in dictwd.repos: |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
47 assert key in found, 'repository %s was not found' % key |
a767998f0a78
hgweb: make hgwebdir handle dict/list paths the same as config paths
Jeremy Whitlock <jcscoobyrs@gmail.com>
parents:
diff
changeset
|
48 assert found[key] == path, 'different paths for repo %s' % key |