view tests/dumbhttp.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 0bb8c405a7c7
children 7623ba92af72
line wrap: on
line source

#!/usr/bin/env python

from __future__ import absolute_import

"""
Small and dumb HTTP server for use in tests.
"""

import optparse
import BaseHTTPServer
import signal
import SimpleHTTPServer
import sys

from mercurial import (
    cmdutil,
)

OptionParser = optparse.OptionParser

class simplehttpservice(object):
    def __init__(self, host, port):
        self.address = (host, port)
    def init(self):
        self.httpd = BaseHTTPServer.HTTPServer(
            self.address, SimpleHTTPServer.SimpleHTTPRequestHandler)
    def run(self):
        self.httpd.serve_forever()

if __name__ == '__main__':
    parser = OptionParser()
    parser.add_option('-p', '--port', dest='port', type='int', default=8000,
        help='TCP port to listen on', metavar='PORT')
    parser.add_option('-H', '--host', dest='host', default='localhost',
        help='hostname or IP to listen on', metavar='HOST')
    parser.add_option('--pid', dest='pid',
        help='file name where the PID of the server is stored')
    parser.add_option('-f', '--foreground', dest='foreground',
        action='store_true',
        help='do not start the HTTP server in the background')
    parser.add_option('--daemon-pipefds')

    (options, args) = parser.parse_args()

    signal.signal(signal.SIGTERM, lambda x, y: sys.exit(0))

    if options.foreground and options.pid:
        parser.error("options --pid and --foreground are mutually exclusive")

    opts = {'pid_file': options.pid,
            'daemon': not options.foreground,
            'daemon_pipefds': options.daemon_pipefds}
    service = simplehttpservice(options.host, options.port)
    cmdutil.service(opts, initfn=service.init, runfn=service.run,
                    runargs=[sys.executable, __file__] + sys.argv[1:])