[PATCH] Proposed patch: support for Python functions as .hgignore filters
Steve Borho
steve at borho.org
Mon Jun 28 15:50:51 CDT 2010
On Mon, Jun 28, 2010 at 3:43 PM, Matt Mackall <mpm at selenic.com> wrote:
> On Mon, 2010-06-28 at 22:33 +0200, Mads Kiilerich wrote:
>> Boris Figovsky wrote, On 06/28/2010 10:07 PM:
>> > Hello,
>> > In a project I work on, our build system generated a lot of files in
>> > the working directory,
>> > and we wanted Mercurial to ignore them, but the current .hgignore
>> > syntax is not enough.
>> > We thought we could use Python functions, such as os.path.islink or
>> > mymodule.py's is_ignored() func.
>> > The outcome is the attached patch.
>>
>> .hgignore is tracked in the repository, so this patch would allow clever
>> users to execute any command on your machine if they can trick you to
>> pull to your repo. (For example by putting "python:os.system" in
>> .hgignore and creating the file "rm -rf ..".) We don't want that.
>>
>> It could work if it used some kind of secure sandboxed version of
>> python, but that is generally not an option.
>
> And Python's extensive introspection makes this basically impossible in
> CPython.
Could this be an 'opt-in' feature added by an extension?
--
Steve Borho
More information about the Mercurial-devel
mailing list