[PATCH 1 of 2 V2] ui: introduce an experimental dict of exportable environment variables

Matt Harbison mharbison72 at gmail.com
Wed Jan 18 21:32:34 EST 2017


On Wed, 18 Jan 2017 08:52:43 -0500, Yuya Nishihara <yuya at tcha.org> wrote:

> On Tue, 17 Jan 2017 23:50:46 -0500, Matt Harbison wrote:
>> # HG changeset patch
>> # User Matt Harbison <matt_harbison at yahoo.com>
>> # Date 1484712312 18000
>> #      Tue Jan 17 23:05:12 2017 -0500
>> # Node ID 5a03e25ec0c0417e915b2014995bd83443ef97ec
>> # Parent  923336cf8b8afdb41746ecef8a39d773bd5538bf
>> ui: introduce an experimental dict of exportable environment variables
>
> This looks good as an experimental implementation, so queued, thanks.
> I found a few minor problems, which can be fixed later.
>
>> Care needs to be taken to prevent leaking potentially sensitive environment
>> variables through hgweb, if template support for environment variables is to be
>> introduced.  There are a few ideas about the API for preventing accidental
>> leaking [1].  Option 3 seems best from the POV of not needing to configure
>> anything in the normal case.  I couldn't figure out how to do that, so guard it
>> with an experimental option for now.
>>
>> [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-January/092383.html
>
> In addition to hgweb, we'll probably need to consider the case where hg
> command is executed behind a third-party web application. A web frontend may
> pass a revset provided by user for example, which seems a valid use case.

OK.  But this is well beyond anything I've done or understand, so I'll need
pointers if there's anything specific to this case.

>> --- a/mercurial/ui.py
>> +++ b/mercurial/ui.py
>> @@ -147,6 +147,15 @@
>>
>>              self.httppasswordmgrdb =  
>> urlreq.httppasswordmgrwithdefaultrealm()
>>
>> +        allowed = self.configlist('experimental', 'exportableenviron')
>> +        if '*' in allowed:
>> +            self._exportableenviron = self.environ
>> +        else:
>> +            self._exportableenviron = {}
>> +            for k in allowed:
>> +                if k in self.environ:
>> +                    self._exportableenviron[k] = self.environ[k]
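
Review bot: In the `'*' in allowed` branch, `self._exportableenviron = self.environ` binds the exportable dict to the very same object as the full environment instead of a filtered copy, so the wildcard exposes every variable (credentials and tokens included) and any later change to `self.environ` shows up in the exported set as well. The else branch builds a fresh dict, so the two paths behave differently. Suggest copying in the wildcard case, for example `self._exportableenviron = dict(self.environ)`, and documenting next to the `exportableenviron` option that `*` turns the allowlist off entirely, since the stated purpose of the option is to keep sensitive variables out of hgweb templates. The per-key loop also silently skips names that are not set, which is reasonable but worth a short comment.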
>
> Perhaps s/self.environ/encoding.environ/ would be better since self.environ
> can be a WSGI-request environ. (FWIW, I have no idea why we need to carry
> around WSGI environ by ui.)

OK.  I wasn't sure what it was, and just assumed it was some existing
filtering of variables.

> And we'll need to build the dict by fixconfig(), not by __init__().

Is there a way to know if ui is being used by hgweb or a web app?  I'd
prefer this --config setting go away, at least in the default case.  Maybe
it's useful if someone wants to opt in some vars for hgweb, for some reason.
