Mercurial > hg
comparison hgext/narrow/narrowcommands.py @ 39532:55eea29833d2
narrow: validate patterns returned by expandnarrow
Remotes could supply malicious or invalid patterns. We should
validate them as soon as possible.
Differential Revision: https://phab.mercurial-scm.org/D4523
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 11 Sep 2018 10:36:07 -0700 |
| parents | e82da0fcc7c5 |
| children | 8301741e1f89 |
comparison
equal
deleted
inserted
replaced
| 39531:0d572769046a | 39532:55eea29833d2 |
|---|---|
| 69 heads = pullop.heads or pullop.rheads | 69 heads = pullop.heads or pullop.rheads |
| 70 includepats, excludepats = pullop.remote.expandnarrow( | 70 includepats, excludepats = pullop.remote.expandnarrow( |
| 71 includepats, excludepats, heads) | 71 includepats, excludepats, heads) |
| 72 pullop.repo.ui.debug('Expanded narrowspec to inc=%s, exc=%s\n' % ( | 72 pullop.repo.ui.debug('Expanded narrowspec to inc=%s, exc=%s\n' % ( |
| 73 includepats, excludepats)) | 73 includepats, excludepats)) |
| 74 return set(includepats), set(excludepats) | 74 |
| 75 includepats = set(includepats) | |
| 76 excludepats = set(excludepats) | |
| 77 | |
| 78 # Nefarious remote could supply unsafe patterns. Validate them. | |
| 79 narrowspec.validatepatterns(includepats) | |
| 80 narrowspec.validatepatterns(excludepats) | |
| 81 | |
| 82 return includepats, excludepats | |
| 75 | 83 |
| 76 def clonenarrowcmd(orig, ui, repo, *args, **opts): | 84 def clonenarrowcmd(orig, ui, repo, *args, **opts): |
| 77 """Wraps clone command, so 'hg clone' first wraps localrepo.clone().""" | 85 """Wraps clone command, so 'hg clone' first wraps localrepo.clone().""" |
| 78 opts = pycompat.byteskwargs(opts) | 86 opts = pycompat.byteskwargs(opts) |
| 79 wrappedextraprepare = util.nullcontextmanager() | 87 wrappedextraprepare = util.nullcontextmanager() |