Mercurial > hg
annotate tests/test-duplicateoptions.py @ 31290:f819aa9dbbf9
sslutil: issue warning when [hostfingerprint] is used
Mercurial 3.9 added the [hostsecurity] section, which is better
than [hostfingerprints] in every way.
One of the ways that [hostsecurity] is better is that it supports
SHA-256 and SHA-512 fingerprints, not just SHA-1 fingerprints.
The world is moving away from SHA-1 because it is borderline
secure. Mercurial should be part of that movement.
This patch adds a warning when a valid SHA-1 fingerprint from
the [hostfingerprints] section is being used. The warning informs
users to switch to [hostsecurity]. It even prints the config
option they should set. It uses the SHA-256 fingerprint because
recommending a SHA-1 fingerprint in 2017 would be ill-advised.
The warning will print itself on every connection to a server until
it is fixed. There is no way to suppress the warning. I admit this
is annoying. But given the security implications of sticking with
SHA-1, I think this is justified. If this patch is accepted,
I'll likely send a follow-up to start warning on SHA-1
certificates in [hostsecurity] as well. Then sometime down
the road, we can drop support for SHA-1 fingerprints.
Credit for this idea comes from timeless in issue 5466.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 09 Mar 2017 20:33:29 -0800 |
| parents | d83ca854fa21 |
| children | bd872f64a8ba |
| rev | line source |
|---|---|
|
28740
e8ecd1aa3f6c
py3: use print_function in test-duplicateoptions.py
Robert Stanca <robert.stanca7@gmail.com>
parents:
28739
diff
changeset
|
1 from __future__ import absolute_import, print_function |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
2 import os |
|
28739
d289b8847f23
py3: use absolute_import in test-duplicateoptions.py
Robert Stanca <robert.stanca7@gmail.com>
parents:
20622
diff
changeset
|
3 from mercurial import ( |
|
d289b8847f23
py3: use absolute_import in test-duplicateoptions.py
Robert Stanca <robert.stanca7@gmail.com>
parents:
20622
diff
changeset
|
4 commands, |
|
d289b8847f23
py3: use absolute_import in test-duplicateoptions.py
Robert Stanca <robert.stanca7@gmail.com>
parents:
20622
diff
changeset
|
5 extensions, |
|
28804
ce49c8d4f0bb
test-duplicateoptions: alias ui as uimod
Yuya Nishihara <yuya@tcha.org>
parents:
28740
diff
changeset
|
6 ui as uimod, |
|
28739
d289b8847f23
py3: use absolute_import in test-duplicateoptions.py
Robert Stanca <robert.stanca7@gmail.com>
parents:
20622
diff
changeset
|
7 ) |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
8 |
|
20622
352abbb0be88
extensions: remove the inotify extension (BC)
Matt Mackall <mpm@selenic.com>
parents:
16383
diff
changeset
|
9 ignore = set(['highlight', 'win32text', 'factotum']) |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
10 |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
11 if os.name != 'nt': |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
12 ignore.add('win32mbcs') |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
13 |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
14 disabled = [ext for ext in extensions.disabled().keys() if ext not in ignore] |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
15 |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
16 hgrc = open(os.environ["HGRCPATH"], 'w') |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
17 hgrc.write('[extensions]\n') |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
18 |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
19 for ext in disabled: |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
20 hgrc.write(ext + '=\n') |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
21 |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
22 hgrc.close() |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
23 |
|
30559
d83ca854fa21
ui: factor out ui.load() to create a ui without loading configs (API)
Yuya Nishihara <yuya@tcha.org>
parents:
28804
diff
changeset
|
24 u = uimod.ui.load() |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
25 extensions.loadall(u) |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
26 |
|
15099
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
27 globalshort = set() |
|
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
28 globallong = set() |
|
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
29 for option in commands.globalopts: |
|
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
30 option[0] and globalshort.add(option[0]) |
|
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
31 option[1] and globallong.add(option[1]) |
|
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
32 |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
33 for cmd, entry in commands.table.iteritems(): |
|
15099
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
34 seenshort = globalshort.copy() |
|
b1f49efeab65
test: test for options duplicate with global options
Simon Heimberg <simohe@besonet.ch>
parents:
14762
diff
changeset
|
35 seenlong = globallong.copy() |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
36 for option in entry[1]: |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
37 if (option[0] and option[0] in seenshort) or \ |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
38 (option[1] and option[1] in seenlong): |
|
28740
e8ecd1aa3f6c
py3: use print_function in test-duplicateoptions.py
Robert Stanca <robert.stanca7@gmail.com>
parents:
28739
diff
changeset
|
39 print("command '" + cmd + "' has duplicate option " + str(option)) |
|
14449
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
40 seenshort.add(option[0]) |
|
7d171c05a631
tests: add a test to check for duplicate command options
Idan Kamara <idankk86@gmail.com>
parents:
diff
changeset
|
41 seenlong.add(option[1]) |