D4525: narrow: validate patterns on incoming bundle2 part

indygreg (Gregory Szorc) phabricator at mercurial-scm.org
Tue Sep 11 18:52:36 UTC 2018


indygreg created this revision.
Herald added a reviewer: durin42.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  The remote data is untrusted and needs to be validated for
  pattern conformance.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D4525

AFFECTED FILES
  hgext/narrow/narrowbundle2.py

CHANGE DETAILS

diff --git a/hgext/narrow/narrowbundle2.py b/hgext/narrow/narrowbundle2.py
--- a/hgext/narrow/narrowbundle2.py
+++ b/hgext/narrow/narrowbundle2.py
@@ -195,6 +195,9 @@
 def _handlechangespec_2(op, inpart):
     includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines())
     excludepats = set(inpart.params.get(_SPECPART_EXCLUDE, '').splitlines())
+    narrowspec.validatepatterns(includepats)
+    narrowspec.validatepatterns(excludepats)
+
     if not repository.NARROW_REQUIREMENT in op.repo.requirements:
         op.repo.requirements.add(repository.NARROW_REQUIREMENT)
         op.repo._writerequirements()



To: indygreg, durin42, #hg-reviewers
Cc: mercurial-devel


More information about the Mercurial-devel mailing list