view hgext/largefiles/wirestore.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 9d33d6e0d442
children b6e71f8af5b8
line wrap: on
line source

# Copyright 2010-2011 Fog Creek Software
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

'''largefile store working over Mercurial's wire protocol'''

import lfutil
import remotestore

class wirestore(remotestore.remotestore):
    def __init__(self, ui, repo, remote):
        cap = remote.capable('largefiles')
        if not cap:
            raise lfutil.storeprotonotcapable([])
        storetypes = cap.split(',')
        if 'serve' not in storetypes:
            raise lfutil.storeprotonotcapable(storetypes)
        self.remote = remote
        super(wirestore, self).__init__(ui, repo, remote.url())

    def _put(self, hash, fd):
        return self.remote.putlfile(hash, fd)

    def _get(self, hash):
        return self.remote.getlfile(hash)

    def _stat(self, hashes):
        '''For each hash, return 0 if it is available, other values if not.
        It is usually 2 if the largefile is missing, but might be 1 the server
        has a corrupted copy.'''
        batch = self.remote.batch()
        futures = {}
        for hash in hashes:
            futures[hash] = batch.statlfile(hash)
        batch.submit()
        retval = {}
        for hash in hashes:
            retval[hash] = futures[hash].value
        return retval