changeset 30832:da5fa0f13a41

ui: introduce an experimental dict of exportable environment variables Care needs to be taken to prevent leaking potentially sensitive environment variables through hgweb, if template support for environment variables is to be introduced. There are a few ideas about the API for preventing accidental leaking [1]. Option 3 seems best from the POV of not needing to configure anything in the normal case. I couldn't figure out how to do that, so guard it with an experimental option for now. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-January/092383.html
author Matt Harbison <matt_harbison@yahoo.com>
date Tue, 17 Jan 2017 23:05:12 -0500
parents 9f264adbe75b
children bd5e9647f646
files mercurial/ui.py
diffstat 1 files changed, 15 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/ui.py	Tue Jan 17 13:44:53 2017 +0800
+++ b/mercurial/ui.py	Tue Jan 17 23:05:12 2017 -0500
@@ -147,6 +147,15 @@
 
             self.httppasswordmgrdb = urlreq.httppasswordmgrwithdefaultrealm()
 
+        allowed = self.configlist('experimental', 'exportableenviron')
+        if '*' in allowed:
+            self._exportableenviron = self.environ
+        else:
+            self._exportableenviron = {}
+            for k in allowed:
+                if k in self.environ:
+                    self._exportableenviron[k] = self.environ[k]
+
     @classmethod
     def load(cls):
         """Create a ui and load global and user configs"""
@@ -1211,6 +1220,12 @@
                 " update your code.)") % version
         self.develwarn(msg, stacklevel=2, config='deprec-warn')
 
+    def exportableenviron(self):
+        """The environment variables that are safe to export, e.g. through
+        hgweb.
+        """
+        return self._exportableenviron
+
     @contextlib.contextmanager
     def configoverride(self, overrides, source=""):
         """Context manager for temporary config overrides