Mercurial > hg
view mercurial/dagparser.py @ 36754:e3c228b4510d stable
wireproto: declare operation type for most commands (BC) (SEC)
The permissions model of hgweb relies on a dictionary to declare
the operation associated with each command - either "pull" or
"push." This dictionary was established by d3147b4e3e8a in 2008.
Unfortunately, we neglected to update this dictionary as new
wire protocol commands were introduced.
This commit defines the operations of most wire protocol commands
in the permissions dictionary. The "batch" command is omitted because
it is special and requires a more complex solution.
Since permissions checking is skipped unless a command has an entry in
this dictionary (this security issue will be addressed in a subsequent
commit), the practical effect of this change is that various wire
protocol commands now HTTP 401 if web.deny_read or web.allow-pull,
etc are set to deny access. This is reflected by test changes. Note
how various `hg pull` and `hg push` operations now fail before
discovery. (They fail during the initial "capabilities" request.)
This change fixes a security issue where built-in wire protocol
commands would return repository data even if the web config were
configured to deny access to that data.
I'm on the fence as to whether we should HTTP 401 the capabilities
request. On one hand, it can expose repository metadata and can tell
callers things like what version of Mercurial the server is running.
On the other hand, a client may need to know the capabilities in order
to authenticate in a follow-up request. It appears that Mercurial
clients handle the HTTP 401 on *any* protocol request, so we should
be OK sending a 401 for "capabilities." But if this causes problems,
it should be possible to allow "capabilities" to always work.
.. bc::
Various read-only wire protocol commands now return HTTP 401
Unauthorized if the hgweb configuration denies read/pull access to
the repository.
Previously, various wire protocol commands would still work and
return data if read access was disabled.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 20 Feb 2018 18:54:27 -0800 |
| parents | dfd009e5f9f2 |
| children | f0b6fbea00cf |
line wrap: on
line source
# dagparser.py - parser and generator for concise description of DAGs # # Copyright 2010 Peter Arrenbrecht <peter@arrenbrecht.ch> # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. from __future__ import absolute_import import re import string from .i18n import _ from . import ( error, pycompat, util, ) def parsedag(desc): '''parses a DAG from a concise textual description; generates events "+n" is a linear run of n nodes based on the current default parent "." is a single node based on the current default parent "$" resets the default parent to -1 (implied at the start); otherwise the default parent is always the last node created "<p" sets the default parent to the backref p "*p" is a fork at parent p, where p is a backref "*p1/p2/.../pn" is a merge of parents p1..pn, where the pi are backrefs "/p2/.../pn" is a merge of the preceding node and p2..pn ":name" defines a label for the preceding node; labels can be redefined "@text" emits an annotation event for text "!command" emits an action event for the current node "!!my command\n" is like "!", but to the end of the line "#...\n" is a comment up to the end of the line Whitespace between the above elements is ignored. A backref is either * a number n, which references the node curr-n, where curr is the current node, or * the name of a label you placed earlier using ":name", or * empty to denote the default parent. All string valued-elements are either strictly alphanumeric, or must be enclosed in double quotes ("..."), with "\" as escape character. Generates sequence of ('n', (id, [parentids])) for node creation ('l', (id, labelname)) for labels on nodes ('a', text) for annotations ('c', command) for actions (!) ('C', command) for line actions (!!) Examples -------- Example of a complex graph (output not shown for brevity): >>> len(list(parsedag(b""" ... ... +3 # 3 nodes in linear run ... :forkhere # a label for the last of the 3 nodes from above ... +5 # 5 more nodes on one branch ... :mergethis # label again ... <forkhere # set default parent to labeled fork node ... +10 # 10 more nodes on a parallel branch ... @stable # following nodes will be annotated as "stable" ... +5 # 5 nodes in stable ... !addfile # custom command; could trigger new file in next node ... +2 # two more nodes ... /mergethis # merge last node with labeled node ... +4 # 4 more nodes descending from merge node ... ... """))) 34 Empty list: >>> list(parsedag(b"")) [] A simple linear run: >>> list(parsedag(b"+3")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] Some non-standard ways to define such runs: >>> list(parsedag(b"+1+2")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] >>> list(parsedag(b"+1*1*")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] >>> list(parsedag(b"*")) [('n', (0, [-1]))] >>> list(parsedag(b"...")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [1]))] A fork and a join, using numeric back references: >>> list(parsedag(b"+2*2*/2")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [0])), ('n', (3, [2, 1]))] >>> list(parsedag(b"+2<2+1/2")) [('n', (0, [-1])), ('n', (1, [0])), ('n', (2, [0])), ('n', (3, [2, 1]))] Placing a label: >>> list(parsedag(b"+1 :mylabel +1")) [('n', (0, [-1])), ('l', (0, 'mylabel')), ('n', (1, [0]))] An empty label (silly, really): >>> list(parsedag(b"+1:+1")) [('n', (0, [-1])), ('l', (0, '')), ('n', (1, [0]))] Fork and join, but with labels instead of numeric back references: >>> list(parsedag(b"+1:f +1:p2 *f */p2")) [('n', (0, [-1])), ('l', (0, 'f')), ('n', (1, [0])), ('l', (1, 'p2')), ('n', (2, [0])), ('n', (3, [2, 1]))] >>> list(parsedag(b"+1:f +1:p2 <f +1 /p2")) [('n', (0, [-1])), ('l', (0, 'f')), ('n', (1, [0])), ('l', (1, 'p2')), ('n', (2, [0])), ('n', (3, [2, 1]))] Restarting from the root: >>> list(parsedag(b"+1 $ +1")) [('n', (0, [-1])), ('n', (1, [-1]))] Annotations, which are meant to introduce sticky state for subsequent nodes: >>> list(parsedag(b"+1 @ann +1")) [('n', (0, [-1])), ('a', 'ann'), ('n', (1, [0]))] >>> list(parsedag(b'+1 @"my annotation" +1')) [('n', (0, [-1])), ('a', 'my annotation'), ('n', (1, [0]))] Commands, which are meant to operate on the most recently created node: >>> list(parsedag(b"+1 !cmd +1")) [('n', (0, [-1])), ('c', 'cmd'), ('n', (1, [0]))] >>> list(parsedag(b'+1 !"my command" +1')) [('n', (0, [-1])), ('c', 'my command'), ('n', (1, [0]))] >>> list(parsedag(b'+1 !!my command line\\n +1')) [('n', (0, [-1])), ('C', 'my command line'), ('n', (1, [0]))] Comments, which extend to the end of the line: >>> list(parsedag(b'+1 # comment\\n+1')) [('n', (0, [-1])), ('n', (1, [0]))] Error: >>> try: list(parsedag(b'+1 bad')) ... except Exception as e: print(pycompat.sysstr(bytes(e))) invalid character in dag description: bad... ''' if not desc: return wordchars = pycompat.bytestr(string.ascii_letters + string.digits) labels = {} p1 = -1 r = 0 def resolve(ref): if not ref: return p1 elif ref[0] in pycompat.bytestr(string.digits): return r - int(ref) else: return labels[ref] chiter = pycompat.iterbytestr(desc) def nextch(): return next(chiter, '\0') def nextrun(c, allow): s = '' while c in allow: s += c c = nextch() return c, s def nextdelimited(c, limit, escape): s = '' while c != limit: if c == escape: c = nextch() s += c c = nextch() return nextch(), s def nextstring(c): if c == '"': return nextdelimited(nextch(), '"', '\\') else: return nextrun(c, wordchars) c = nextch() while c != '\0': while c in pycompat.bytestr(string.whitespace): c = nextch() if c == '.': yield 'n', (r, [p1]) p1 = r r += 1 c = nextch() elif c == '+': c, digs = nextrun(nextch(), pycompat.bytestr(string.digits)) n = int(digs) for i in xrange(0, n): yield 'n', (r, [p1]) p1 = r r += 1 elif c in '*/': if c == '*': c = nextch() c, pref = nextstring(c) prefs = [pref] while c == '/': c, pref = nextstring(nextch()) prefs.append(pref) ps = [resolve(ref) for ref in prefs] yield 'n', (r, ps) p1 = r r += 1 elif c == '<': c, ref = nextstring(nextch()) p1 = resolve(ref) elif c == ':': c, name = nextstring(nextch()) labels[name] = p1 yield 'l', (p1, name) elif c == '@': c, text = nextstring(nextch()) yield 'a', text elif c == '!': c = nextch() if c == '!': cmd = '' c = nextch() while c not in '\n\r\0': cmd += c c = nextch() yield 'C', cmd else: c, cmd = nextstring(c) yield 'c', cmd elif c == '#': while c not in '\n\r\0': c = nextch() elif c == '$': p1 = -1 c = nextch() elif c == '\0': return # in case it was preceded by whitespace else: s = '' i = 0 while c != '\0' and i < 10: s += c i += 1 c = nextch() raise error.Abort(_('invalid character in dag description: ' '%s...') % s) def dagtextlines(events, addspaces=True, wraplabels=False, wrapannotations=False, wrapcommands=False, wrapnonlinear=False, usedots=False, maxlinewidth=70): '''generates single lines for dagtext()''' def wrapstring(text): if re.match("^[0-9a-z]*$", text): return text return '"' + text.replace('\\', '\\\\').replace('"', '\"') + '"' def gen(): labels = {} run = 0 wantr = 0 needroot = False for kind, data in events: if kind == 'n': r, ps = data # sanity check if r != wantr: raise error.Abort(_("expected id %i, got %i") % (wantr, r)) if not ps: ps = [-1] else: for p in ps: if p >= r: raise error.Abort(_("parent id %i is larger than " "current id %i") % (p, r)) wantr += 1 # new root? p1 = r - 1 if len(ps) == 1 and ps[0] == -1: if needroot: if run: yield '+%d' % run run = 0 if wrapnonlinear: yield '\n' yield '$' p1 = -1 else: needroot = True if len(ps) == 1 and ps[0] == p1: if usedots: yield "." else: run += 1 else: if run: yield '+%d' % run run = 0 if wrapnonlinear: yield '\n' prefs = [] for p in ps: if p == p1: prefs.append('') elif p in labels: prefs.append(labels[p]) else: prefs.append('%d' % (r - p)) yield '*' + '/'.join(prefs) else: if run: yield '+%d' % run run = 0 if kind == 'l': rid, name = data labels[rid] = name yield ':' + name if wraplabels: yield '\n' elif kind == 'c': yield '!' + wrapstring(data) if wrapcommands: yield '\n' elif kind == 'C': yield '!!' + data yield '\n' elif kind == 'a': if wrapannotations: yield '\n' yield '@' + wrapstring(data) elif kind == '#': yield '#' + data yield '\n' else: raise error.Abort(_("invalid event type in dag: " "('%s', '%s')") % (util.escapestr(kind), util.escapestr(data))) if run: yield '+%d' % run line = '' for part in gen(): if part == '\n': if line: yield line line = '' else: if len(line) + len(part) >= maxlinewidth: yield line line = '' elif addspaces and line and part != '.': line += ' ' line += part if line: yield line def dagtext(dag, addspaces=True, wraplabels=False, wrapannotations=False, wrapcommands=False, wrapnonlinear=False, usedots=False, maxlinewidth=70): '''generates lines of a textual representation for a dag event stream events should generate what parsedag() does, so: ('n', (id, [parentids])) for node creation ('l', (id, labelname)) for labels on nodes ('a', text) for annotations ('c', text) for commands ('C', text) for line commands ('!!') ('#', text) for comment lines Parent nodes must come before child nodes. Examples -------- Linear run: >>> dagtext([(b'n', (0, [-1])), (b'n', (1, [0]))]) '+2' Two roots: >>> dagtext([(b'n', (0, [-1])), (b'n', (1, [-1]))]) '+1 $ +1' Fork and join: >>> dagtext([(b'n', (0, [-1])), (b'n', (1, [0])), (b'n', (2, [0])), ... (b'n', (3, [2, 1]))]) '+2 *2 */2' Fork and join with labels: >>> dagtext([(b'n', (0, [-1])), (b'l', (0, b'f')), (b'n', (1, [0])), ... (b'l', (1, b'p2')), (b'n', (2, [0])), (b'n', (3, [2, 1]))]) '+1 :f +1 :p2 *f */p2' Annotations: >>> dagtext([(b'n', (0, [-1])), (b'a', b'ann'), (b'n', (1, [0]))]) '+1 @ann +1' >>> dagtext([(b'n', (0, [-1])), ... (b'a', b'my annotation'), ... (b'n', (1, [0]))]) '+1 @"my annotation" +1' Commands: >>> dagtext([(b'n', (0, [-1])), (b'c', b'cmd'), (b'n', (1, [0]))]) '+1 !cmd +1' >>> dagtext([(b'n', (0, [-1])), ... (b'c', b'my command'), ... (b'n', (1, [0]))]) '+1 !"my command" +1' >>> dagtext([(b'n', (0, [-1])), ... (b'C', b'my command line'), ... (b'n', (1, [0]))]) '+1 !!my command line\\n+1' Comments: >>> dagtext([(b'n', (0, [-1])), (b'#', b' comment'), (b'n', (1, [0]))]) '+1 # comment\\n+1' >>> dagtext([]) '' Combining parsedag and dagtext: >>> dagtext(parsedag(b'+1 :f +1 :p2 *f */p2')) '+1 :f +1 :p2 *f */p2' ''' return "\n".join(dagtextlines(dag, addspaces, wraplabels, wrapannotations, wrapcommands, wrapnonlinear, usedots, maxlinewidth))