mirror of
https://github.com/facebook/sapling.git
synced 2025-01-06 21:48:36 +03:00
context: use a the nofsauditor when matching file in history (issue4749)
Before this change, asking for file from history (eg: 'hg cat -r 42 foo/bar') could fail because of the current content of the working copy (eg: current "foo" being a symlink). As the working copy state have no influence on the content of the history, we can safely skip these checks. The working copy context class have a different 'match' implementation. That implementation still use the repo.auditor will still catch symlink traversal. I've audited all stuff calling "match" and they all go through a ctx in a sensible way. The most unclear case was diff which still seemed okay. You raised my paranoid level today and I double checked through tests. They behave properly. The odds of someone using the wrong (matching with a changectx for operation that will eventually touch the file system) is non-zero because you are never sure of what people will do. But I dunno if we can fight against that. So I would not commit to "never" for "at this level" and "in the future" if someone write especially bad code. However, as a last defense, the vfs itself is running path auditor in all cases outside of .hg/. So I think anything passing the 'matcher' for buggy reason would growl at the vfs layer.
This commit is contained in:
parent
44f90da4f8
commit
756a483011
@ -271,7 +271,7 @@ class basectx(object):
|
|||||||
r = self._repo
|
r = self._repo
|
||||||
return matchmod.match(r.root, r.getcwd(), pats,
|
return matchmod.match(r.root, r.getcwd(), pats,
|
||||||
include, exclude, default,
|
include, exclude, default,
|
||||||
auditor=r.auditor, ctx=self,
|
auditor=r.nofsauditor, ctx=self,
|
||||||
listsubrepos=listsubrepos, badfn=badfn)
|
listsubrepos=listsubrepos, badfn=badfn)
|
||||||
|
|
||||||
def diff(self, ctx2=None, match=None, **opts):
|
def diff(self, ctx2=None, match=None, **opts):
|
||||||
|
@ -27,6 +27,45 @@ should still fail - maybe
|
|||||||
abort: path 'b/b' traverses symbolic link 'b' (glob)
|
abort: path 'b/b' traverses symbolic link 'b' (glob)
|
||||||
[255]
|
[255]
|
||||||
|
|
||||||
|
$ hg commit -m 'add symlink b'
|
||||||
|
|
||||||
|
|
||||||
|
Test symlink traversing when accessing history:
|
||||||
|
-----------------------------------------------
|
||||||
|
|
||||||
|
(build a changeset where the path exists as a directory)
|
||||||
|
|
||||||
|
$ hg up 0
|
||||||
|
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
|
||||||
|
$ mkdir b
|
||||||
|
$ echo c > b/a
|
||||||
|
$ hg add b/a
|
||||||
|
$ hg ci -m 'add directory b'
|
||||||
|
created new head
|
||||||
|
|
||||||
|
Test that hg cat does not do anything wrong the working copy has 'b' as directory
|
||||||
|
|
||||||
|
$ hg cat b/a
|
||||||
|
c
|
||||||
|
$ hg cat -r "desc(directory)" b/a
|
||||||
|
c
|
||||||
|
$ hg cat -r "desc(symlink)" b/a
|
||||||
|
b/a: no such file in rev bc151a1f53bd
|
||||||
|
[1]
|
||||||
|
|
||||||
|
Test that hg cat does not do anything wrong the working copy has 'b' as a symlink (issue4749)
|
||||||
|
|
||||||
|
$ hg up 'desc(symlink)'
|
||||||
|
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
|
||||||
|
$ hg cat b/a
|
||||||
|
b/a: no such file in rev bc151a1f53bd
|
||||||
|
[1]
|
||||||
|
$ hg cat -r "desc(directory)" b/a
|
||||||
|
c
|
||||||
|
$ hg cat -r "desc(symlink)" b/a
|
||||||
|
b/a: no such file in rev bc151a1f53bd
|
||||||
|
[1]
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user