Mercurial > hg
comparison hgext/narrow/narrowcommands.py @ 39532:55eea29833d2
narrow: validate patterns returned by expandnarrow
Remotes could supply malicious or invalid patterns. We should
validate them as soon as possible.
Differential Revision: https://phab.mercurial-scm.org/D4523
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 11 Sep 2018 10:36:07 -0700 |
parents | e82da0fcc7c5 |
children | 8301741e1f89 |
comparison
equal
deleted
inserted
replaced
39531:0d572769046a | 39532:55eea29833d2 |
---|---|
69 heads = pullop.heads or pullop.rheads | 69 heads = pullop.heads or pullop.rheads |
70 includepats, excludepats = pullop.remote.expandnarrow( | 70 includepats, excludepats = pullop.remote.expandnarrow( |
71 includepats, excludepats, heads) | 71 includepats, excludepats, heads) |
72 pullop.repo.ui.debug('Expanded narrowspec to inc=%s, exc=%s\n' % ( | 72 pullop.repo.ui.debug('Expanded narrowspec to inc=%s, exc=%s\n' % ( |
73 includepats, excludepats)) | 73 includepats, excludepats)) |
74 return set(includepats), set(excludepats) | 74 |
75 includepats = set(includepats) | |
76 excludepats = set(excludepats) | |
77 | |
78 # Nefarious remote could supply unsafe patterns. Validate them. | |
79 narrowspec.validatepatterns(includepats) | |
80 narrowspec.validatepatterns(excludepats) | |
81 | |
82 return includepats, excludepats | |
75 | 83 |
76 def clonenarrowcmd(orig, ui, repo, *args, **opts): | 84 def clonenarrowcmd(orig, ui, repo, *args, **opts): |
77 """Wraps clone command, so 'hg clone' first wraps localrepo.clone().""" | 85 """Wraps clone command, so 'hg clone' first wraps localrepo.clone().""" |
78 opts = pycompat.byteskwargs(opts) | 86 opts = pycompat.byteskwargs(opts) |
79 wrappedextraprepare = util.nullcontextmanager() | 87 wrappedextraprepare = util.nullcontextmanager() |