Mercurial > hg
view mercurial/dagparser.py @ 36756:2ecb0fc535b1 stable
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Previously, the HTTP request handling code would only perform
permissions checking on a wire protocol command if that wire protocol
command defined its permissions / operation type. This meant that
commands (possibly provided by extensions) not defining their
operation type would bypass permissions check. This could lead
to exfiltration of data from servers and mutating repositories that
were supposed to be read-only.
This security issue has been present since the permissions table
was introduced by d3147b4e3e8a in 2008.
This commit changes the behavior of the HTTP server to always
perform permissions checking for protocol requests. If an
explicit permission for a wire protocol command is not defined,
the server assumes the command can be used for writing and
governs access accordingly.
.. bc::
Wire protocol commands not defining their operation type in
``wireproto.PERMISSIONS`` are now assumed to be used for
"push" operations and access control to run those commands
is now enforced accordingly.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 18 Feb 2018 17:20:38 -0800 |
parents | dfd009e5f9f2 |
children | f0b6fbea00cf |
line wrap: on
line source
# dagparser.py - parser and generator for concise description of DAGs # # Copyright 2010 Peter Arrenbrecht <peter@arrenbrecht.ch> # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. from __future__ import absolute_import import re import string from .i18n import _ from . import ( error, pycompat, util, ) def parsedag(desc): '''parses a DAG from a concise textual description; generates events "+n" is a linear run of n nodes based on the current default parent "." is a single node based on the current default parent "$" resets the default parent to -1 (implied at the start); otherwise the default parent is always the last node created "<p" sets the default parent to the backref p "*p" is a fork at parent p, where p is a backref "*p1/p2/.../pn" is a merge of parents p1..pn, where the pi are backrefs "/p2/.../pn" is a merge of the preceding node and p2..pn ":name" defines a label for the preceding node; labels can be redefined "@text" emits an annotation event for text "!command" emits an action event for the current node "!!my command\n" is like "!", but to the end of the line "#...\n" is a comment up to the end of the line Whitespace between the above elements is ignored. A backref is either * a number n, which references the node curr-n, where curr is the current node, or * the name of a label you placed earlier using ":name", or * empty to denote the default parent. All string valued-elements are either strictly alphanumeric, or must be enclosed in double quotes ("..."), with "\" as escape character. Generates sequence of ('n', (id, [parentids])) for node creation ('l', (id, labelname)) for labels on nodes ('a', text) for annotations ('c', command) for actions (!) ('C', command) for line actions (!!) Examples -------- Example of a complex graph (output not shown for brevity): >>> len(list(parsedag(b""" ... ... +3 # 3 nodes in linear run ... :forkhere # a label for the last of the 3 nodes from above ... +5 # 5 more nodes on one branch ... :mergethis # label again ... <forkhere # set default parent to labeled fork node ... +10 # 10 more nodes on a parallel branch ... @stable # following nodes will be annotated as "stable" ... +5 # 5 nodes in stable ... !addfile # custom command; could trigger new file in next node ... +2 # two more nodes ... /mergethis # merge last node with labeled node ... +4 # 4 more nodes descending from merge node ... ... """))) 34 Empty list: >>> list(parsedag(b"")) [] A simple linear run: >>> list(parsedag(b"+3")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] Some non-standard ways to define such runs: >>> list(parsedag(b"+1+2")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] >>> list(parsedag(b"+1*1*")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] >>> list(parsedag(b"*")) [('n', (0, [-1]))] >>> list(parsedag(b"...")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] A fork and a join, using numeric back references: >>> list(parsedag(b"+2*2*/2")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [0])), ('n', (3, [2, 1]))] >>> list(parsedag(b"+2<2+1/2")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [0])), ('n', (3, [2, 1]))] Placing a label: >>> list(parsedag(b"+1 :mylabel +1")) [('n', (0, [-1])), ('l', (0, 'mylabel')), ('n', (1, [0]))] An empty label (silly, really): >>> list(parsedag(b"+1:+1")) [('n', (0, [-1])), ('l', (0, '')), ('n', (1, [0]))] Fork and join, but with labels instead of numeric back references: >>> list(parsedag(b"+1:f +1:p2 *f */p2")) [('n', (0, [-1])), ('l', (0, 'f')), ('n', (1, [0])), ('l', (1, 'p2')), ('n', (2, [0])), ('n', (3, [2, 1]))] >>> list(parsedag(b"+1:f +1:p2 <f +1 /p2")) [('n', (0, [-1])), ('l', (0, 'f')), ('n', (1, [0])), ('l', (1, 'p2')), ('n', (2, [0])), ('n', (3, [2, 1]))] Restarting from the root: >>> list(parsedag(b"+1 $ +1")) [('n', (0, [-1])), ('n', (1, [-1]))] Annotations, which are meant to introduce sticky state for subsequent nodes: >>> list(parsedag(b"+1 @ann +1")) [('n', (0, [-1])), ('a', 'ann'), ('n', (1, [0]))] >>> list(parsedag(b'+1 @"my annotation" +1')) [('n', (0, [-1])), ('a', 'my annotation'), ('n', (1, [0]))] Commands, which are meant to operate on the most recently created node: >>> list(parsedag(b"+1 !cmd +1")) [('n', (0, [-1])), ('c', 'cmd'), ('n', (1, [0]))] >>> list(parsedag(b'+1 !"my command" +1')) [('n', (0, [-1])), ('c', 'my command'), ('n', (1, [0]))] >>> list(parsedag(b'+1 !!my command line\\n +1')) [('n', (0, [-1])), ('C', 'my command line'), ('n', (1, [0]))] Comments, which extend to the end of the line: >>> list(parsedag(b'+1 # comment\\n+1')) [('n', (0, [-1])), ('n', (1, [0]))] Error: >>> try: list(parsedag(b'+1 bad')) ... except Exception as e: print(pycompat.sysstr(bytes(e))) invalid character in dag description: bad... ''' if not desc: return wordchars = pycompat.bytestr(string.ascii_letters + string.digits) labels = {} p1 = -1 r = 0 def resolve(ref): if not ref: return p1 elif ref[0] in pycompat.bytestr(string.digits): return r - int(ref) else: return labels[ref] chiter = pycompat.iterbytestr(desc) def nextch(): return next(chiter, '\0') def nextrun(c, allow): s = '' while c in allow: s += c c = nextch() return c, s def nextdelimited(c, limit, escape): s = '' while c != limit: if c == escape: c = nextch() s += c c = nextch() return nextch(), s def nextstring(c): if c == '"': return nextdelimited(nextch(), '"', '\\') else: return nextrun(c, wordchars) c = nextch() while c != '\0': while c in pycompat.bytestr(string.whitespace): c = nextch() if c == '.': yield 'n', (r, [p1]) p1 = r r += 1 c = nextch() elif c == '+': c, digs = nextrun(nextch(), pycompat.bytestr(string.digits)) n = int(digs) for i in xrange(0, n): yield 'n', (r, [p1]) p1 = r r += 1 elif c in '*/': if c == '*': c = nextch() c, pref = nextstring(c) prefs = [pref] while c == '/': c, pref = nextstring(nextch()) prefs.append(pref) ps = [resolve(ref) for ref in prefs] yield 'n', (r, ps) p1 = r r += 1 elif c == '<': c, ref = nextstring(nextch()) p1 = resolve(ref) elif c == ':': c, name = nextstring(nextch()) labels[name] = p1 yield 'l', (p1, name) elif c == '@': c, text = nextstring(nextch()) yield 'a', text elif c == '!': c = nextch() if c == '!': cmd = '' c = nextch() while c not in '\n\r\0': cmd += c c = nextch() yield 'C', cmd else: c, cmd = nextstring(c) yield 'c', cmd elif c == '#': while c not in '\n\r\0': c = nextch() elif c == '$': p1 = -1 c = nextch() elif c == '\0': return # in case it was preceded by whitespace else: s = '' i = 0 while c != '\0' and i < 10: s += c i += 1 c = nextch() raise error.Abort(_('invalid character in dag description: ' '%s...') % s) def dagtextlines(events, addspaces=True, wraplabels=False, wrapannotations=False, wrapcommands=False, wrapnonlinear=False, usedots=False, maxlinewidth=70): '''generates single lines for dagtext()''' def wrapstring(text): if re.match("^[0-9a-z]*$", text): return text return '"' + text.replace('\\', '\\\\').replace('"', '\"') + '"' def gen(): labels = {} run = 0 wantr = 0 needroot = False for kind, data in events: if kind == 'n': r, ps = data # sanity check if r != wantr: raise error.Abort(_("expected id %i, got %i") % (wantr, r)) if not ps: ps = [-1] else: for p in ps: if p >= r: raise error.Abort(_("parent id %i is larger than " "current id %i") % (p, r)) wantr += 1 # new root? p1 = r - 1 if len(ps) == 1 and ps[0] == -1: if needroot: if run: yield '+%d' % run run = 0 if wrapnonlinear: yield '\n' yield '$' p1 = -1 else: needroot = True if len(ps) == 1 and ps[0] == p1: if usedots: yield "." else: run += 1 else: if run: yield '+%d' % run run = 0 if wrapnonlinear: yield '\n' prefs = [] for p in ps: if p == p1: prefs.append('') elif p in labels: prefs.append(labels[p]) else: prefs.append('%d' % (r - p)) yield '*' + '/'.join(prefs) else: if run: yield '+%d' % run run = 0 if kind == 'l': rid, name = data labels[rid] = name yield ':' + name if wraplabels: yield '\n' elif kind == 'c': yield '!' + wrapstring(data) if wrapcommands: yield '\n' elif kind == 'C': yield '!!' + data yield '\n' elif kind == 'a': if wrapannotations: yield '\n' yield '@' + wrapstring(data) elif kind == '#': yield '#' + data yield '\n' else: raise error.Abort(_("invalid event type in dag: " "('%s', '%s')") % (util.escapestr(kind), util.escapestr(data))) if run: yield '+%d' % run line = '' for part in gen(): if part == '\n': if line: yield line line = '' else: if len(line) + len(part) >= maxlinewidth: yield line line = '' elif addspaces and line and part != '.': line += ' ' line += part if line: yield line def dagtext(dag, addspaces=True, wraplabels=False, wrapannotations=False, wrapcommands=False, wrapnonlinear=False, usedots=False, maxlinewidth=70): '''generates lines of a textual representation for a dag event stream events should generate what parsedag() does, so: ('n', (id, [parentids])) for node creation ('l', (id, labelname)) for labels on nodes ('a', text) for annotations ('c', text) for commands ('C', text) for line commands ('!!') ('#', text) for comment lines Parent nodes must come before child nodes. Examples -------- Linear run: >>> dagtext([(b'n', (0, [-1])), (b'n', (1, [0]))]) '+2' Two roots: >>> dagtext([(b'n', (0, [-1])), (b'n', (1, [-1]))]) '+1 $ +1' Fork and join: >>> dagtext([(b'n', (0, [-1])), (b'n', (1, [0])), (b'n', (2, [0])), ... (b'n', (3, [2, 1]))]) '+2 *2 */2' Fork and join with labels: >>> dagtext([(b'n', (0, [-1])), (b'l', (0, b'f')), (b'n', (1, [0])), ... (b'l', (1, b'p2')), (b'n', (2, [0])), (b'n', (3, [2, 1]))]) '+1 :f +1 :p2 *f */p2' Annotations: >>> dagtext([(b'n', (0, [-1])), (b'a', b'ann'), (b'n', (1, [0]))]) '+1 @ann +1' >>> dagtext([(b'n', (0, [-1])), ... (b'a', b'my annotation'), ... (b'n', (1, [0]))]) '+1 @"my annotation" +1' Commands: >>> dagtext([(b'n', (0, [-1])), (b'c', b'cmd'), (b'n', (1, [0]))]) '+1 !cmd +1' >>> dagtext([(b'n', (0, [-1])), ... (b'c', b'my command'), ... (b'n', (1, [0]))]) '+1 !"my command" +1' >>> dagtext([(b'n', (0, [-1])), ... (b'C', b'my command line'), ... (b'n', (1, [0]))]) '+1 !!my command line\\n+1' Comments: >>> dagtext([(b'n', (0, [-1])), (b'#', b' comment'), (b'n', (1, [0]))]) '+1 # comment\\n+1' >>> dagtext([]) '' Combining parsedag and dagtext: >>> dagtext(parsedag(b'+1 :f +1 :p2 *f */p2')) '+1 :f +1 :p2 *f */p2' ''' return "\n".join(dagtextlines(dag, addspaces, wraplabels, wrapannotations, wrapcommands, wrapnonlinear, usedots, maxlinewidth))