[PATCH 1 of 2 V2] ui: introduce an experimental dict of exportable environment variables
Matt Harbison
mharbison72 at gmail.com
Wed Jan 18 04:50:46 UTC 2017
# HG changeset patch
# User Matt Harbison <matt_harbison at yahoo.com>
# Date 1484712312 18000
# Tue Jan 17 23:05:12 2017 -0500
# Node ID 5a03e25ec0c0417e915b2014995bd83443ef97ec
# Parent 923336cf8b8afdb41746ecef8a39d773bd5538bf
ui: introduce an experimental dict of exportable environment variables
Care needs to be taken to prevent leaking potentially sensitive environment
variables through hgweb, if template support for environment variables is to be
introduced. There are a few ideas about the API for preventing accidental
leaking [1]. Option 3 seems best from the POV of not needing to configure
anything in the normal case. I couldn't figure out how to do that, so guard it
with an experimental option for now.
[1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-January/092383.html
diff --git a/mercurial/ui.py b/mercurial/ui.py
--- a/mercurial/ui.py
+++ b/mercurial/ui.py
@@ -147,6 +147,15 @@
self.httppasswordmgrdb = urlreq.httppasswordmgrwithdefaultrealm()
+ allowed = self.configlist('experimental', 'exportableenviron')
+ if '*' in allowed:
+ self._exportableenviron = self.environ
+ else:
+ self._exportableenviron = {}
+ for k in allowed:
+ if k in self.environ:
+ self._exportableenviron[k] = self.environ[k]
+
@classmethod
def load(cls):
"""Create a ui and load global and user configs"""
@@ -1211,6 +1220,12 @@
" update your code.)") % version
self.develwarn(msg, stacklevel=2, config='deprec-warn')
+ def exportableenviron(self):
+ """The environment variables that are safe to export, e.g. through
+ hgweb.
+ """
+ return self._exportableenviron
+
@contextlib.contextmanager
def configoverride(self, overrides, source=""):
"""Context manager for temporary config overrides
More information about the Mercurial-devel
mailing list