view tests/test-url.py @ 44363:f7459da77f23

nodemap: introduce an option to use mmap to read the nodemap mapping The performance and memory benefit is much greater if we don't have to copy all the data in memory for each information. So we introduce an option (on by default) to read the data using mmap. This changeset is the last one definition the API for index support nodemap data. (they have to be able to use the mmaping). Below are some benchmark comparing the best we currently have in 5.3 with the final step of this series (using the persistent nodemap implementation in Rust). The benchmark run `hg perfindex` with various revset and the following variants: Before: * do not use the persistent nodemap * use the CPython implementation of the index for nodemap * use mmapping of the changelog index After: * use the MixedIndex Rust code, with the NodeTree object for nodemap access (still in review) * use the persistent nodemap data from disk * access the persistent nodemap data through mmap * use mmapping of the changelog index The persistent nodemap greatly speed up most operation on very large repositories. Some of the previously very fast lookup end up a bit slower because the persistent nodemap has to be setup. However the absolute slowdown is very small and won't matters in the big picture. Here are some numbers (in seconds) for the reference copy of mozilla-try: Revset Before After abs-change speedup -10000: 0.004622 0.005532 0.000910 × 0.83 -10: 0.000050 0.000132 0.000082 × 0.37 tip 0.000052 0.000085 0.000033 × 0.61 0 + (-10000:) 0.028222 0.005337 -0.022885 × 5.29 0 0.023521 0.000084 -0.023437 × 280.01 (-10000:) + 0 0.235539 0.005308 -0.230231 × 44.37 (-10:) + :9 0.232883 0.000180 -0.232703 ×1293.79 (-10000:) + (:99) 0.238735 0.005358 -0.233377 × 44.55 :99 + (-10000:) 0.317942 0.005593 -0.312349 × 56.84 :9 + (-10:) 0.313372 0.000179 -0.313193 ×1750.68 :9 0.316450 0.000143 -0.316307 ×2212.93 On smaller repositories, the cost of nodemap related operation is not as big, so the win is much more modest. Yet it helps shaving a handful of millisecond here and there. Here are some numbers (in seconds) for the reference copy of mercurial: Revset Before After abs-change speedup -10: 0.000065 0.000097 0.000032 × 0.67 tip 0.000063 0.000078 0.000015 × 0.80 0 0.000561 0.000079 -0.000482 × 7.10 -10000: 0.004609 0.003648 -0.000961 × 1.26 0 + (-10000:) 0.005023 0.003715 -0.001307 × 1.35 (-10:) + :9 0.002187 0.000108 -0.002079 ×20.25 (-10000:) + 0 0.006252 0.003716 -0.002536 × 1.68 (-10000:) + (:99) 0.006367 0.003707 -0.002660 × 1.71 :9 + (-10:) 0.003846 0.000110 -0.003736 ×34.96 :9 0.003854 0.000099 -0.003755 ×38.92 :99 + (-10000:) 0.007644 0.003778 -0.003866 × 2.02 Differential Revision: https://phab.mercurial-scm.org/D7894
author Pierre-Yves David <pierre-yves.david@octobus.net>
date Tue, 11 Feb 2020 11:18:52 +0100
parents 2372284d9457
children d2e1dcd4490d
line wrap: on
line source

# coding=utf-8
from __future__ import absolute_import, print_function

import doctest
import os


def check(a, b):
    if a != b:
        print((a, b))


def cert(cn):
    return {'subject': ((('commonName', cn),),)}


from mercurial import sslutil

_verifycert = sslutil._verifycert
# Test non-wildcard certificates
check(_verifycert(cert('example.com'), 'example.com'), None)
check(
    _verifycert(cert('example.com'), 'www.example.com'),
    b'certificate is for example.com',
)
check(
    _verifycert(cert('www.example.com'), 'example.com'),
    b'certificate is for www.example.com',
)

# Test wildcard certificates
check(_verifycert(cert('*.example.com'), 'www.example.com'), None)
check(
    _verifycert(cert('*.example.com'), 'example.com'),
    b'certificate is for *.example.com',
)
check(
    _verifycert(cert('*.example.com'), 'w.w.example.com'),
    b'certificate is for *.example.com',
)

# Test subjectAltName
san_cert = {
    'subject': ((('commonName', 'example.com'),),),
    'subjectAltName': (('DNS', '*.example.net'), ('DNS', 'example.net')),
}
check(_verifycert(san_cert, 'example.net'), None)
check(_verifycert(san_cert, 'foo.example.net'), None)
# no fallback to subject commonName when subjectAltName has DNS
check(
    _verifycert(san_cert, 'example.com'),
    b'certificate is for *.example.net, example.net',
)
# fallback to subject commonName when no DNS in subjectAltName
san_cert = {
    'subject': ((('commonName', 'example.com'),),),
    'subjectAltName': (('IP Address', '8.8.8.8'),),
}
check(_verifycert(san_cert, 'example.com'), None)

# Avoid some pitfalls
check(_verifycert(cert('*.foo'), 'foo'), b'certificate is for *.foo')
check(_verifycert(cert('*o'), 'foo'), None)

check(
    _verifycert({'subject': ()}, 'example.com'),
    b'no commonName or subjectAltName found in certificate',
)
check(_verifycert(None, 'example.com'), b'no certificate received')

# Unicode (IDN) certname isn't supported
check(
    _verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
    b'IDN in certificate not supported',
)

# The following tests are from CPython's test_ssl.py.
check(_verifycert(cert('example.com'), 'example.com'), None)
check(_verifycert(cert('example.com'), 'ExAmple.cOm'), None)
check(
    _verifycert(cert('example.com'), 'www.example.com'),
    b'certificate is for example.com',
)
check(
    _verifycert(cert('example.com'), '.example.com'),
    b'certificate is for example.com',
)
check(
    _verifycert(cert('example.com'), 'example.org'),
    b'certificate is for example.com',
)
check(
    _verifycert(cert('example.com'), 'exampleXcom'),
    b'certificate is for example.com',
)
check(_verifycert(cert('*.a.com'), 'foo.a.com'), None)
check(
    _verifycert(cert('*.a.com'), 'bar.foo.a.com'), b'certificate is for *.a.com'
)
check(_verifycert(cert('*.a.com'), 'a.com'), b'certificate is for *.a.com')
check(_verifycert(cert('*.a.com'), 'Xa.com'), b'certificate is for *.a.com')
check(_verifycert(cert('*.a.com'), '.a.com'), b'certificate is for *.a.com')

# only match one left-most wildcard
check(_verifycert(cert('f*.com'), 'foo.com'), None)
check(_verifycert(cert('f*.com'), 'f.com'), None)
check(_verifycert(cert('f*.com'), 'bar.com'), b'certificate is for f*.com')
check(_verifycert(cert('f*.com'), 'foo.a.com'), b'certificate is for f*.com')
check(_verifycert(cert('f*.com'), 'bar.foo.com'), b'certificate is for f*.com')

# NULL bytes are bad, CVE-2013-4073
check(
    _verifycert(
        cert('null.python.org\x00example.org'), 'null.python.org\x00example.org'
    ),
    None,
)
check(
    _verifycert(cert('null.python.org\x00example.org'), 'example.org'),
    b'certificate is for null.python.org\x00example.org',
)
check(
    _verifycert(cert('null.python.org\x00example.org'), 'null.python.org'),
    b'certificate is for null.python.org\x00example.org',
)

# error cases with wildcards
check(
    _verifycert(cert('*.*.a.com'), 'bar.foo.a.com'),
    b'certificate is for *.*.a.com',
)
check(_verifycert(cert('*.*.a.com'), 'a.com'), b'certificate is for *.*.a.com')
check(_verifycert(cert('*.*.a.com'), 'Xa.com'), b'certificate is for *.*.a.com')
check(_verifycert(cert('*.*.a.com'), '.a.com'), b'certificate is for *.*.a.com')

check(_verifycert(cert('a.*.com'), 'a.foo.com'), b'certificate is for a.*.com')
check(_verifycert(cert('a.*.com'), 'a..com'), b'certificate is for a.*.com')
check(_verifycert(cert('a.*.com'), 'a.com'), b'certificate is for a.*.com')

# wildcard doesn't match IDNA prefix 'xn--'
idna = u'püthon.python.org'.encode('idna').decode('ascii')
check(_verifycert(cert(idna), idna), None)
check(
    _verifycert(cert('x*.python.org'), idna),
    b'certificate is for x*.python.org',
)
check(
    _verifycert(cert('xn--p*.python.org'), idna),
    b'certificate is for xn--p*.python.org',
)

# wildcard in first fragment and  IDNA A-labels in sequent fragments
# are supported.
idna = u'www*.pythön.org'.encode('idna').decode('ascii')
check(
    _verifycert(cert(idna), u'www.pythön.org'.encode('idna').decode('ascii')),
    None,
)
check(
    _verifycert(cert(idna), u'www1.pythön.org'.encode('idna').decode('ascii')),
    None,
)
check(
    _verifycert(cert(idna), u'ftp.pythön.org'.encode('idna').decode('ascii')),
    b'certificate is for www*.xn--pythn-mua.org',
)
check(
    _verifycert(cert(idna), u'pythön.org'.encode('idna').decode('ascii')),
    b'certificate is for www*.xn--pythn-mua.org',
)

c = {
    'notAfter': 'Jun 26 21:41:46 2011 GMT',
    'subject': (((u'commonName', u'linuxfrz.org'),),),
    'subjectAltName': (
        ('DNS', 'linuxfr.org'),
        ('DNS', 'linuxfr.com'),
        ('othername', '<unsupported>'),
    ),
}
check(_verifycert(c, 'linuxfr.org'), None)
check(_verifycert(c, 'linuxfr.com'), None)
# Not a "DNS" entry
check(
    _verifycert(c, '<unsupported>'),
    b'certificate is for linuxfr.org, linuxfr.com',
)
# When there is a subjectAltName, commonName isn't used
check(
    _verifycert(c, 'linuxfrz.org'),
    b'certificate is for linuxfr.org, linuxfr.com',
)

# A pristine real-world example
c = {
    'notAfter': 'Dec 18 23:59:59 2011 GMT',
    'subject': (
        ((u'countryName', u'US'),),
        ((u'stateOrProvinceName', u'California'),),
        ((u'localityName', u'Mountain View'),),
        ((u'organizationName', u'Google Inc'),),
        ((u'commonName', u'mail.google.com'),),
    ),
}
check(_verifycert(c, 'mail.google.com'), None)
check(_verifycert(c, 'gmail.com'), b'certificate is for mail.google.com')

# Only commonName is considered
check(_verifycert(c, 'California'), b'certificate is for mail.google.com')

# Neither commonName nor subjectAltName
c = {
    'notAfter': 'Dec 18 23:59:59 2011 GMT',
    'subject': (
        ((u'countryName', u'US'),),
        ((u'stateOrProvinceName', u'California'),),
        ((u'localityName', u'Mountain View'),),
        ((u'organizationName', u'Google Inc'),),
    ),
}
check(
    _verifycert(c, 'mail.google.com'),
    b'no commonName or subjectAltName found in certificate',
)

# No DNS entry in subjectAltName but a commonName
c = {
    'notAfter': 'Dec 18 23:59:59 2099 GMT',
    'subject': (
        ((u'countryName', u'US'),),
        ((u'stateOrProvinceName', u'California'),),
        ((u'localityName', u'Mountain View'),),
        ((u'commonName', u'mail.google.com'),),
    ),
    'subjectAltName': (('othername', 'blabla'),),
}
check(_verifycert(c, 'mail.google.com'), None)

# No DNS entry subjectAltName and no commonName
c = {
    'notAfter': 'Dec 18 23:59:59 2099 GMT',
    'subject': (
        ((u'countryName', u'US'),),
        ((u'stateOrProvinceName', u'California'),),
        ((u'localityName', u'Mountain View'),),
        ((u'organizationName', u'Google Inc'),),
    ),
    'subjectAltName': (('othername', 'blabla'),),
}
check(
    _verifycert(c, 'google.com'),
    b'no commonName or subjectAltName found in certificate',
)

# Empty cert / no cert
check(_verifycert(None, 'example.com'), b'no certificate received')
check(_verifycert({}, 'example.com'), b'no certificate received')

# avoid denials of service by refusing more than one
# wildcard per fragment.
check(
    _verifycert({'subject': (((u'commonName', u'a*b.com'),),)}, 'axxb.com'),
    None,
)
check(
    _verifycert({'subject': (((u'commonName', u'a*b.co*'),),)}, 'axxb.com'),
    b'certificate is for a*b.co*',
)
check(
    _verifycert({'subject': (((u'commonName', u'a*b*.com'),),)}, 'axxbxxc.com'),
    b'too many wildcards in certificate DNS name: a*b*.com',
)


def test_url():
    """
    >>> from mercurial import error, pycompat
    >>> from mercurial.util import url
    >>> from mercurial.utils.stringutil import forcebytestr

    This tests for edge cases in url.URL's parsing algorithm. Most of
    these aren't useful for documentation purposes, so they aren't
    part of the class's doc tests.

    Query strings and fragments:

    >>> url(b'http://host/a?b#c')
    <url scheme: 'http', host: 'host', path: 'a', query: 'b', fragment: 'c'>
    >>> url(b'http://host/a?')
    <url scheme: 'http', host: 'host', path: 'a'>
    >>> url(b'http://host/a#b#c')
    <url scheme: 'http', host: 'host', path: 'a', fragment: 'b#c'>
    >>> url(b'http://host/a#b?c')
    <url scheme: 'http', host: 'host', path: 'a', fragment: 'b?c'>
    >>> url(b'http://host/?a#b')
    <url scheme: 'http', host: 'host', path: '', query: 'a', fragment: 'b'>
    >>> url(b'http://host/?a#b', parsequery=False)
    <url scheme: 'http', host: 'host', path: '?a', fragment: 'b'>
    >>> url(b'http://host/?a#b', parsefragment=False)
    <url scheme: 'http', host: 'host', path: '', query: 'a#b'>
    >>> url(b'http://host/?a#b', parsequery=False, parsefragment=False)
    <url scheme: 'http', host: 'host', path: '?a#b'>

    IPv6 addresses:

    >>> url(b'ldap://[2001:db8::7]/c=GB?objectClass?one')
    <url scheme: 'ldap', host: '[2001:db8::7]', path: 'c=GB',
         query: 'objectClass?one'>
    >>> url(b'ldap://joe:xxx@[2001:db8::7]:80/c=GB?objectClass?one')
    <url scheme: 'ldap', user: 'joe', passwd: 'xxx', host: '[2001:db8::7]',
         port: '80', path: 'c=GB', query: 'objectClass?one'>

    Missing scheme, host, etc.:

    >>> url(b'://192.0.2.16:80/')
    <url path: '://192.0.2.16:80/'>
    >>> url(b'https://mercurial-scm.org')
    <url scheme: 'https', host: 'mercurial-scm.org'>
    >>> url(b'/foo')
    <url path: '/foo'>
    >>> url(b'bundle:/foo')
    <url scheme: 'bundle', path: '/foo'>
    >>> url(b'a?b#c')
    <url path: 'a?b', fragment: 'c'>
    >>> url(b'http://x.com?arg=/foo')
    <url scheme: 'http', host: 'x.com', query: 'arg=/foo'>
    >>> url(b'http://joe:xxx@/foo')
    <url scheme: 'http', user: 'joe', passwd: 'xxx', path: 'foo'>

    Just a scheme and a path:

    >>> url(b'mailto:John.Doe@example.com')
    <url scheme: 'mailto', path: 'John.Doe@example.com'>
    >>> url(b'a:b:c:d')
    <url path: 'a:b:c:d'>
    >>> url(b'aa:bb:cc:dd')
    <url scheme: 'aa', path: 'bb:cc:dd'>

    SSH examples:

    >>> url(b'ssh://joe@host//home/joe')
    <url scheme: 'ssh', user: 'joe', host: 'host', path: '/home/joe'>
    >>> url(b'ssh://joe:xxx@host/src')
    <url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host', path: 'src'>
    >>> url(b'ssh://joe:xxx@host')
    <url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host'>
    >>> url(b'ssh://joe@host')
    <url scheme: 'ssh', user: 'joe', host: 'host'>
    >>> url(b'ssh://host')
    <url scheme: 'ssh', host: 'host'>
    >>> url(b'ssh://')
    <url scheme: 'ssh'>
    >>> url(b'ssh:')
    <url scheme: 'ssh'>

    Non-numeric port:

    >>> url(b'http://example.com:dd')
    <url scheme: 'http', host: 'example.com', port: 'dd'>
    >>> url(b'ssh://joe:xxx@host:ssh/foo')
    <url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host', port: 'ssh',
         path: 'foo'>

    Bad authentication credentials:

    >>> url(b'http://joe@joeville:123@4:@host/a?b#c')
    <url scheme: 'http', user: 'joe@joeville', passwd: '123@4:',
         host: 'host', path: 'a', query: 'b', fragment: 'c'>
    >>> url(b'http://!*#?/@!*#?/:@host/a?b#c')
    <url scheme: 'http', host: '!*', fragment: '?/@!*#?/:@host/a?b#c'>
    >>> url(b'http://!*#?@!*#?:@host/a?b#c')
    <url scheme: 'http', host: '!*', fragment: '?@!*#?:@host/a?b#c'>
    >>> url(b'http://!*@:!*@@host/a?b#c')
    <url scheme: 'http', user: '!*@', passwd: '!*@', host: 'host',
         path: 'a', query: 'b', fragment: 'c'>

    File paths:

    >>> url(b'a/b/c/d.g.f')
    <url path: 'a/b/c/d.g.f'>
    >>> url(b'/x///z/y/')
    <url path: '/x///z/y/'>
    >>> url(b'/foo:bar')
    <url path: '/foo:bar'>
    >>> url(b'\\\\foo:bar')
    <url path: '\\\\foo:bar'>
    >>> url(b'./foo:bar')
    <url path: './foo:bar'>

    Non-localhost file URL:

    >>> try:
    ...   u = url(b'file://mercurial-scm.org/foo')
    ... except error.Abort as e:
    ...   forcebytestr(e)
    'file:// URLs can only refer to localhost'

    Empty URL:

    >>> u = url(b'')
    >>> u
    <url path: ''>
    >>> str(u)
    ''

    Empty path with query string:

    >>> str(url(b'http://foo/?bar'))
    'http://foo/?bar'

    Invalid path:

    >>> u = url(b'http://foo/bar')
    >>> u.path = b'bar'
    >>> str(u)
    'http://foo/bar'

    >>> u = url(b'file:/foo/bar/baz')
    >>> u
    <url scheme: 'file', path: '/foo/bar/baz'>
    >>> str(u)
    'file:///foo/bar/baz'
    >>> pycompat.bytestr(u.localpath())
    '/foo/bar/baz'

    >>> u = url(b'file:///foo/bar/baz')
    >>> u
    <url scheme: 'file', path: '/foo/bar/baz'>
    >>> str(u)
    'file:///foo/bar/baz'
    >>> pycompat.bytestr(u.localpath())
    '/foo/bar/baz'

    >>> u = url(b'file:///f:oo/bar/baz')
    >>> u
    <url scheme: 'file', path: 'f:oo/bar/baz'>
    >>> str(u)
    'file:///f:oo/bar/baz'
    >>> pycompat.bytestr(u.localpath())
    'f:oo/bar/baz'

    >>> u = url(b'file://localhost/f:oo/bar/baz')
    >>> u
    <url scheme: 'file', host: 'localhost', path: 'f:oo/bar/baz'>
    >>> str(u)
    'file://localhost/f:oo/bar/baz'
    >>> pycompat.bytestr(u.localpath())
    'f:oo/bar/baz'

    >>> u = url(b'file:foo/bar/baz')
    >>> u
    <url scheme: 'file', path: 'foo/bar/baz'>
    >>> str(u)
    'file:foo/bar/baz'
    >>> pycompat.bytestr(u.localpath())
    'foo/bar/baz'
    """


if 'TERM' in os.environ:
    del os.environ['TERM']

doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE)