revset: prevent using outgoing() and remote() in hgweb session (BC) stable
author Yuya Nishihara <yuya@tcha.org>
Fri, 20 Jan 2017 21:33:18 +0900
branch stable
changeset 30850 41e31a6f5296
parent 30849 763031a7690d
child 30851 7bfe02b57695
revset: prevent using outgoing() and remote() in hgweb session (BC)

outgoing() and remote() may stall for long due to network I/O, which seems unsafe per definition, "whether a predicate is safe for DoS attack." But I'm not 100% sure about this. If our concern isn't elapsed time but CPU resource, these predicates are considered safe. Perhaps that would be up to the web/application server configuration? Anyway, outgoing() and remote() wouldn't be useful in hgweb, so I think it's okay to ban them.
mercurial/revset.py
--- a/mercurial/revset.py	Thu Jan 19 16:23:49 2017 -0500
+++ b/mercurial/revset.py	Fri Jan 20 21:33:18 2017 +0900
@@ -1546,7 +1546,7 @@
     # some optimizations from the fact this is a baseset.
     return subset & o
 
-@predicate('outgoing([path])', safe=True)
+@predicate('outgoing([path])', safe=False)
 def outgoing(repo, subset, x):
     """Changesets not found in the specified destination repository, or the
     default push location.
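Review bot: The docstring of outgoing() is left unchanged by this hunk, so users reading `hg help revsets` get no hint that the predicate is now rejected in hgweb; since the commit is marked (BC), add a sentence to the docstring stating that outgoing() is unavailable in hgweb because it contacts a remote repository. The flip to `safe=False` itself is the right call: a predicate that blocks on network I/O lets an unauthenticated hgweb query tie up a worker for as long as the remote takes to answer, which is a resource-exhaustion concern regardless of how little CPU it burns. It would also be worth adding a test that an hgweb request using outgoing() is refused, so the ban is not silently undone by a later refactor.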
@@ -1737,7 +1737,7 @@
     return subset.filter(condition, condrepr=('<phase %r>', target),
                          cache=False)
 
-@predicate('remote([id [,path]])', safe=True)
+@predicate('remote([id [,path]])', safe=False)
 def remote(repo, subset, x):
     """Local revision that corresponds to the given identifier in a
     remote repository, if present. Here, the '.' identifier is a
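Review bot: The commit message admits uncertainty about whether network latency falls under the `safe` definition ("whether a predicate is safe for DoS attack"); rather than leaving that ambiguity for the next author who adds a predicate that talks to a remote, this change should also tighten the wording of the `safe` parameter's documentation in the `predicate` decorator to say explicitly that anything which may block on network or other external I/O is unsafe, so remote() and outgoing() are covered by a stated rule rather than by a per-predicate judgement call. As with outgoing(), the remote() docstring shown here should mention that it is unavailable in hgweb.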