mirror of
https://github.com/facebook/sapling.git
synced 2024-10-07 23:38:50 +03:00
ui: introduce an experimental dict of exportable environment variables
Care needs to be taken to prevent leaking potentially sensitive environment variables through hgweb, if template support for environment variables is to be introduced. There are a few ideas about the API for preventing accidental leaking [1]. Option 3 seems best from the POV of not needing to configure anything in the normal case. I couldn't figure out how to do that, so guard it with an experimental option for now. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-January/092383.html
This commit is contained in:
parent
10cc5b4f2f
commit
5a63dbb230
@ -147,6 +147,15 @@ class ui(object):
|
||||
|
||||
self.httppasswordmgrdb = urlreq.httppasswordmgrwithdefaultrealm()
|
||||
|
||||
allowed = self.configlist('experimental', 'exportableenviron')
|
||||
if '*' in allowed:
|
||||
self._exportableenviron = self.environ
|
||||
else:
|
||||
self._exportableenviron = {}
|
||||
for k in allowed:
|
||||
if k in self.environ:
|
||||
self._exportableenviron[k] = self.environ[k]
|
||||
|
||||
@classmethod
|
||||
def load(cls):
|
||||
"""Create a ui and load global and user configs"""
|
||||
@ -1211,6 +1220,12 @@ class ui(object):
|
||||
" update your code.)") % version
|
||||
self.develwarn(msg, stacklevel=2, config='deprec-warn')
|
||||
|
||||
def exportableenviron(self):
|
||||
"""The environment variables that are safe to export, e.g. through
|
||||
hgweb.
|
||||
"""
|
||||
return self._exportableenviron
|
||||
|
||||
@contextlib.contextmanager
|
||||
def configoverride(self, overrides, source=""):
|
||||
"""Context manager for temporary config overrides
|
||||
|
Loading…
Reference in New Issue
Block a user