[PATCH] Proposed patch: support for Python functions as .hgignore filters

Matt Mackall mpm at selenic.com
Mon Jun 28 15:43:37 CDT 2010


On Mon, 2010-06-28 at 22:33 +0200, Mads Kiilerich wrote:
> Boris Figovsky wrote, On 06/28/2010 10:07 PM:
> > Hello,
> > In a project I work on, our build system generated a lot of files in
> > the working directory,
> > and we wanted Mercurial to ignore them, but the current .hgignore
> > syntax is not enough.
> > We thought we could use Python functions, such as os.path.islink or
> > mymodule.py's is_ignored() func.
> > The outcome is the attached patch.
> 
> .hgignore is tracked in the repository, so this patch would allow clever 
> users to execute any command on your machine if they can trick you to 
> pull to your repo. (For example by putting "python:os.system" in 
> .hgignore and creating the file "rm -rf ..".) We don't want that.
> 
> It could work if it used some kind of secure sandboxed version of 
> python, but that is generally not an option.

And Python's extensive introspection makes this basically impossible in
CPython.

-- 
Mathematics is the supreme nostalgia of our time.




More information about the Mercurial-devel mailing list