Mercurial > hg
comparison tests/test-hook.t @ 28938:ea1fec3e9aba
hook: report untrusted hooks as failure (issue5110) (BC)
Before this patch, there was no way for a repository owner to ensure that
validation hooks would be run by people with write access. If someone had write
access but did not trust the user owning the repository, the config and its hook
would simply be ignored.
After this patch, hooks from untrusted configs are taken into account but never
actually run. Instead they are reported as failures right away. This will ensure
validation performed by a hook is not ignored.
As a side effect writer can be forced to trust a repository hgrc by adding a
'pretxnopen.trust=true' hook to the file.
This was discussed during the 3.8 sprint with Matt Mackall, Augie Fackler and
Kevin Bullock.
| author | Pierre-Yves David <pierre-yves.david@ens-lyon.org> |
|---|---|
| date | Thu, 14 Apr 2016 02:41:15 -0700 |
| parents | a3a01194a337 |
| children | 9dc27a334fb1 |
comparison
equal
deleted
inserted
replaced
| 28937:3112c5e18835 | 28938:ea1fec3e9aba |
|---|---|
| 792 tag: tip | 792 tag: tip |
| 793 user: test | 793 user: test |
| 794 date: Thu Jan 01 00:00:00 1970 +0000 | 794 date: Thu Jan 01 00:00:00 1970 +0000 |
| 795 summary: b | 795 summary: b |
| 796 | 796 |
| 797 $ cd .. | |
| 798 | 797 |
| 799 pretxnclose hook failure should abort the transaction | 798 pretxnclose hook failure should abort the transaction |
| 800 | 799 |
| 801 $ hg init txnfailure | 800 $ hg init txnfailure |
| 802 $ cd txnfailure | 801 $ cd txnfailure |
| 814 abort: pretxnclose.error hook exited with status 1 | 813 abort: pretxnclose.error hook exited with status 1 |
| 815 [255] | 814 [255] |
| 816 $ hg recover | 815 $ hg recover |
| 817 no interrupted transaction available | 816 no interrupted transaction available |
| 818 [1] | 817 [1] |
| 818 $ cd .. | |
| 819 | |
| 820 Hook from untrusted hgrc are reported as failure | |
| 821 ================================================ | |
| 822 | |
| 823 $ cat << EOF > $TESTTMP/untrusted.py | |
| 824 > from mercurial import scmutil, util | |
| 825 > def uisetup(ui): | |
| 826 > class untrustedui(ui.__class__): | |
| 827 > def _trusted(self, fp, f): | |
| 828 > if util.normpath(fp.name).endswith('untrusted/.hg/hgrc'): | |
| 829 > return False | |
| 830 > return super(untrustedui, self)._trusted(fp, f) | |
| 831 > ui.__class__ = untrustedui | |
| 832 > EOF | |
| 833 $ cat << EOF >> $HGRCPATH | |
| 834 > [extensions] | |
| 835 > untrusted=$TESTTMP/untrusted.py | |
| 836 > EOF | |
| 837 $ hg init untrusted | |
| 838 $ cd untrusted | |
| 839 | |
| 840 Non-blocking hook | |
| 841 ----------------- | |
| 842 | |
| 843 $ cat << EOF >> .hg/hgrc | |
| 844 > [hooks] | |
| 845 > txnclose.testing=echo txnclose hook called | |
| 846 > EOF | |
| 847 $ touch a && hg commit -Aqm a | |
| 848 warning: untrusted hook txnclose not executed | |
| 849 $ hg log | |
| 850 changeset: 0:3903775176ed | |
| 851 tag: tip | |
| 852 user: test | |
| 853 date: Thu Jan 01 00:00:00 1970 +0000 | |
| 854 summary: a | |
| 855 | |
| 856 | |
| 857 Non-blocking hook | |
| 858 ----------------- | |
| 859 | |
| 860 $ cat << EOF >> .hg/hgrc | |
| 861 > [hooks] | |
| 862 > pretxnclose.testing=echo pre-txnclose hook called | |
| 863 > EOF | |
| 864 $ touch b && hg commit -Aqm a | |
| 865 transaction abort! | |
| 866 rollback completed | |
| 867 abort: untrusted hook pretxnclose not executed | |
| 868 (see 'hg help config.trusted') | |
| 869 [255] | |
| 870 $ hg log | |
| 871 changeset: 0:3903775176ed | |
| 872 tag: tip | |
| 873 user: test | |
| 874 date: Thu Jan 01 00:00:00 1970 +0000 | |
| 875 summary: a | |
| 876 |