[PATCH] dispatch: also allow "hg serve --stdio" on the current repo

Yuya Nishihara yuya at tcha.org
Wed May 17 10:34:12 EDT 2017


On Tue, 16 May 2017 21:30:53 -0700, Martin von Zweigbergk via Mercurial-devel wrote:
> # HG changeset patch
> # User Martin von Zweigbergk <martinvonz at google.com>
> # Date 1494994835 25200
> #      Tue May 16 21:20:35 2017 -0700
> # Node ID 70c51c9d67c69d4fb4cfcd5990a8e8906b55f576
> # Parent  779a1ae6d0d9eeb487636f665747e92195eb234e
> dispatch: also allow "hg serve --stdio" on the current repo
> 
> Since 77eaf9539499 (dispatch: protect against malicious 'hg serve
> --stdio' invocations (sec), 2017-04-12), we only allow "hg -R <repo>
> serve --stdio" (with <repo> not starting with "--"). It seems safe to
> also allow it on the current repo (i.e. without "-R <repo>"), so let's
> allow that.

Seems okay to allow it, but how permissive should "hg serve --stdio" be?

If I understand the idea, we only allow the argument pattern that an sshpeer
could generate.

> --- a/mercurial/dispatch.py
> +++ b/mercurial/dispatch.py
> @@ -227,11 +227,18 @@
>              # shenanigans wherein a user does something like pass
>              # --debugger or --config=ui.debugger=1 as a repo
>              # name. This used to actually run the debugger.

Nit: the comment above needs to be updated.

> -            if (len(req.args) != 4 or
> -                req.args[0] != '-R' or
> -                req.args[1].startswith('--') or
> -                req.args[2] != 'serve' or
> -                req.args[3] != '--stdio'):
> +            safe = False
> +            if (len(req.args) == 2 and
> +                req.args[0] == 'serve' and
> +                req.args[1] == '--stdio'):
> +                safe = True
> +            if (len(req.args) == 4 and
> +                req.args[0] == '-R' and
> +                not req.args[1].startswith('--') and
> +                req.args[2] == 'serve' and
> +                req.args[3] == '--stdio'):
> +                safe = True
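Review bot: the two `if` blocks that each set `safe = True` in the new lines could be folded into a single allow-list expression so the accepted argument shapes read as one rule, e.g. `safe = (req.args == ['serve', '--stdio'] or (len(req.args) == 4 and req.args[0] == '-R' and not req.args[1].startswith('--') and req.args[2:] == ['serve', '--stdio']))`. Keeping `safe = False` as the default is the right shape for a deny-by-default check; the note above about updating the comment that describes the old single-form check still applies, since it should now mention both the `-R <repo>` form and the bare `serve --stdio` form.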
