narrow: validate patterns returned by expandnarrow
Remotes could supply malicious or invalid patterns. We should
validate them as soon as possible.
Differential Revision: https://phab.mercurial-scm.org/D4523
--- a/hgext/narrow/narrowcommands.py Tue Sep 11 15:25:35 2018 -0700
+++ b/hgext/narrow/narrowcommands.py Tue Sep 11 10:36:07 2018 -0700
@@ -71,7 +71,15 @@
includepats, excludepats, heads)
pullop.repo.ui.debug('Expanded narrowspec to inc=%s, exc=%s\n' % (
includepats, excludepats))
- return set(includepats), set(excludepats)
+
+ includepats = set(includepats)
+ excludepats = set(excludepats)
+
+ # Nefarious remote could supply unsafe patterns. Validate them.
+ narrowspec.validatepatterns(includepats)
+ narrowspec.validatepatterns(excludepats)
+
+ return includepats, excludepats
def clonenarrowcmd(orig, ui, repo, *args, **opts):
"""Wraps clone command, so 'hg clone' first wraps localrepo.clone()."""
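Review bot: The `ui.debug` call just above the added lines still formats the remote-supplied `includepats`/`excludepats` before `narrowspec.validatepatterns` has run, so with debug output enabled the unvalidated strings are written out as received. Either move the debug line below the two validation calls, or keep it for diagnosis and mark the values as untrusted at that point. The new comment could also state the contract, for example `# Patterns come from the remote and are untrusted; reject them here, before they are used to update the local narrowspec.` What `validatepatterns` checks, and whether it raises on failure, is not visible in this hunk and should be confirmed. The enclosing function starts outside the hunk, so where the returned sets are used is likewise not visible here.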