D98: revset: support reading aliases from a .hgrevsets file
yuja (Yuya Nishihara)
phabricator at mercurial-scm.org
Thu Jul 20 10:17:11 EDT 2017
yuja added a comment.
> What else should we allow in here? Are there security concerns we should think through?
Probably safe, but could be used for DoS attack:
- `filesetalias` (not implemented)
- `revsetalias`
- `committemplate`
- `templatealias`
- `templates`
Unsafe (should never be allowed):
- `alias` (arbitrary command execution by shell alias or option like `bisect -c CMD`)
Obviously, they are all unsafe depending on extension predicates/functions/keywords, such
as a revset shelling out arbitrary inputs.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D98
EMAIL PREFERENCES
https://phab.mercurial-scm.org/settings/panel/emailpreferences/
To: indygreg, #hg-reviewers
Cc: durin42, yuja, mharbison72, quark, mercurial-devel
More information about the Mercurial-devel
mailing list