tests: comprehensively test HTTP server permissions checking
We didn't have test coverage for numerous web.* config options. We
add that test coverage.
Included in the tests are tests for custom commands. We have commands
that are supposedly read-only and perform writes and a variation of
each that does and does not define its operation type in
hgweb_mod.perms.
The tests reveal a handful of security bugs related to permissions
checking. Subsequent commits will address these security bugs.
from __future__ import (
absolute_import,
print_function,
)
import argparse
import os
ap = argparse.ArgumentParser()
ap.add_argument('path', nargs='+')
opts = ap.parse_args()
def gather():
for p in opts.path:
if not os.path.exists(p):
return
if os.path.isdir(p):
yield p + os.path.sep
for dirpath, dirs, files in os.walk(p):
for d in dirs:
yield os.path.join(dirpath, d) + os.path.sep
for f in files:
yield os.path.join(dirpath, f)
else:
yield p
print('\n'.join(sorted(gather(), key=lambda x: x.replace(os.path.sep, '/'))))