sapling

facebook/sapling

Fork 0

mirror of https://github.com/facebook/sapling.git synced 2024-10-07 07:17:55 +03:00

Commit Graph

Author	SHA1	Message	Date
Jun Wu	4a7b28d08b	serve: assign hg serve ports dynamically in tests Summary: Previously `hg server` uses `HGPORT` that might be in use. This patch uses `-p 0 --port-file ...` so `hg server` always gets assigned a free port. The change was first made by the following Ruby script: ``` re = /^ \$ hg serve(.) -p \$(HGPORT[12]?) (.[^\\])$\n \$/ Dir['.t'].each do \|path\| old = File.read(path) new = old.lines.map do \|l\| next l if l[/\(glob\)/] or not l['$HGPORT'] or l[/^ [$>]/] "#{l.chomp} (glob)\n" end.join.gsub re, <<-'EOS'.chomp $ hg serve\1 -p 0 --port-file $TESTTMP/.port \3 $ \2=`cat $TESTTMP/.port` $ EOS File.write(path, new) if old != new end ``` Then there are some manual changes: run-tests.py: It now treats `$HGPORT` in output as glob pattern ``, since it does not know the assigned value in tests. test-bookmarks-pushpull.t, test-https.t: Some `hg pull`s were changed to use explicit paths instead of relying on `.hgrc` since the test restarts the server and `.hg/hgrc` having an outdated URL. test-schemes.t: The test writes `$HGPORT` to `.hgrc` before assigning it. Changed the order so the correct `$HGPORT` is written. test-patchbomb-tls.t: Changed `(?) (glob)` to `(glob) (?)`. Reviewed By: DurhamG Differential Revision: D6925398 fbshipit-source-id: d5c10476f43ce23f9e99618807580cf8ba92595c	2018-04-13 21:51:07 -07:00
Saurabh Singh	c06453cd30	serve: make tests compatible with chg chg only supports 'hg serve' when the options to the serve command follow the 'hg serve'. For example, 'hg -R <repo> serve ..' is unsupported. This leads to issues with chg running for the following tests: - test-bundle2-exchange.t - test-clone-uncompressed.t - test-hgweb-csp.t - test-http-bad-server.t - test-http-bundle1.t - test-http-protocol.t - test-http.t There was an effort made earlier to fix this issue for chg and the tests were fixed to confirm to the compatible pattern. But the new tests did not take care of the same and hence, fail. Hopefully, there will be continuous build setup for chg after all tests are made compatible with chg so that we can avoid such issues. Test Plan: Ran the aforementioned tests with and without '--chg' option. Differential Revision: https://phab.mercurial-scm.org/D946	2017-10-04 18:39:26 -07:00
Gregory Szorc	9849c580fb	hgweb: support Content Security Policy Content-Security-Policy (CSP) is a web security feature that allows servers to declare what loaded content is allowed to do. For example, a policy can prevent loading of images, JavaScript, CSS, etc unless the source of that content is whitelisted (by hostname, URI scheme, hashes of content, etc). It's a nifty security feature that provides extra mitigation against some attacks, notably XSS. Mitigation against these attacks is important for Mercurial because hgweb renders repository data, which is commonly untrusted. While we make attempts to escape things, etc, there's the possibility that malicious data could be injected into the site content. If this happens today, the full power of the web browser is available to that malicious content. A restrictive CSP policy (defined by the server operator and sent in an HTTP header which is outside the control of malicious content), could restrict browser capabilities and mitigate security problems posed by malicious data. CSP works by emitting an HTTP header declaring the policy that browsers should apply. Ideally, this header would be emitted by a layer above Mercurial (likely the HTTP server doing the WSGI "proxying"). This works for some CSP policies, but not all. For example, policies to allow inline JavaScript may require setting a "nonce" attribute on <script>. This attribute value must be unique and non-guessable. And, the value must be present in the HTTP header and the HTML body. This means that coordinating the value between Mercurial and another HTTP server could be difficult: it is much easier to generate and emit the nonce in a central location. This commit introduces support for emitting a Content-Security-Policy header from hgweb. A config option defines the header value. If present, the header is emitted. A special "%nonce%" syntax in the value triggers generation of a nonce and inclusion in <script> elements in templates. The inclusion of a nonce does not occur unless "%nonce%" is present. This makes this commit completely backwards compatible and the feature opt-in. The nonce is a type 4 UUID, which is the flavor that is randomly generated. It has 122 random bits, which should be plenty to satisfy the guarantees of a nonce.	2017-01-10 23:37:08 -08:00

Author

SHA1

Message

Date

Jun Wu

4a7b28d08b

serve: assign hg serve ports dynamically in tests

Summary:
Previously `hg server` uses `HGPORT` that might be in use. This patch uses
`-p 0 --port-file ...` so `hg server` always gets assigned a free port.

The change was first made by the following Ruby script:

```
re = /^  \$ hg serve(.*) -p \$(HGPORT[12]?) (.*[^\\])$\n  \$/
Dir['*.t'].each do |path|
  old = File.read(path)
  new = old.lines.map do |l|
    next l if l[/\(glob\)/] or not l['$HGPORT'] or l[/^  [$>]/]
    "#{l.chomp} (glob)\n"
  end.join.gsub re, <<-'EOS'.chomp
  $ hg serve\1 -p 0 --port-file $TESTTMP/.port \3
  $ \2=`cat $TESTTMP/.port`
  $
  EOS
  File.write(path, new) if old != new
end
```

Then there are some manual changes:

run-tests.py: It now treats `$HGPORT` in output as glob pattern `*`, since
it does not know the assigned value in tests.

test-bookmarks-pushpull.t, test-https.t: Some `hg pull`s were changed to use
explicit paths instead of relying on `.hgrc` since the test restarts the
server and `.hg/hgrc` having an outdated URL.

test-schemes.t: The test writes `$HGPORT` to `.hgrc` before assigning it.
Changed the order so the correct `$HGPORT` is written.

test-patchbomb-tls.t: Changed `(?) (glob)` to `(glob) (?)`.

Reviewed By: DurhamG

Differential Revision: D6925398

fbshipit-source-id: d5c10476f43ce23f9e99618807580cf8ba92595c

2018-04-13 21:51:07 -07:00

Saurabh Singh

c06453cd30

serve: make tests compatible with chg

chg only supports 'hg serve' when the options to the serve command
follow the 'hg serve'. For example, 'hg -R <repo> serve ..' is unsupported.
This leads to issues with chg running for the following tests:

 - test-bundle2-exchange.t
 - test-clone-uncompressed.t
 - test-hgweb-csp.t
 - test-http-bad-server.t
 - test-http-bundle1.t
 - test-http-protocol.t
 - test-http.t

There was an effort made earlier to fix this issue for chg and the tests were
fixed to confirm to the compatible pattern. But the new tests did not take care
of the same and hence, fail. Hopefully, there will be continuous build setup
for chg after all tests are made compatible with chg so that we can avoid such
issues.

Test Plan:
Ran the aforementioned tests with and without '--chg' option.

Differential Revision: https://phab.mercurial-scm.org/D946

2017-10-04 18:39:26 -07:00

Gregory Szorc

9849c580fb

hgweb: support Content Security Policy

Content-Security-Policy (CSP) is a web security feature that allows
servers to declare what loaded content is allowed to do. For example,
a policy can prevent loading of images, JavaScript, CSS, etc unless
the source of that content is whitelisted (by hostname, URI scheme,
hashes of content, etc). It's a nifty security feature that provides
extra mitigation against some attacks, notably XSS.

Mitigation against these attacks is important for Mercurial because
hgweb renders repository data, which is commonly untrusted. While we
make attempts to escape things, etc, there's the possibility that
malicious data could be injected into the site content. If this happens
today, the full power of the web browser is available to that
malicious content. A restrictive CSP policy (defined by the server
operator and sent in an HTTP header which is outside the control of
malicious content), could restrict browser capabilities and mitigate
security problems posed by malicious data.

CSP works by emitting an HTTP header declaring the policy that browsers
should apply. Ideally, this header would be emitted by a layer above
Mercurial (likely the HTTP server doing the WSGI "proxying"). This
works for some CSP policies, but not all.

For example, policies to allow inline JavaScript may require setting
a "nonce" attribute on <script>. This attribute value must be unique
and non-guessable. And, the value must be present in the HTTP header
and the HTML body. This means that coordinating the value between
Mercurial and another HTTP server could be difficult: it is much
easier to generate and emit the nonce in a central location.

This commit introduces support for emitting a
Content-Security-Policy header from hgweb. A config option defines
the header value. If present, the header is emitted. A special
"%nonce%" syntax in the value triggers generation of a nonce and
inclusion in <script> elements in templates. The inclusion of a
nonce does not occur unless "%nonce%" is present. This makes this
commit completely backwards compatible and the feature opt-in.

The nonce is a type 4 UUID, which is the flavor that is randomly
generated. It has 122 random bits, which should be plenty to satisfy
the guarantees of a nonce.

2017-01-10 23:37:08 -08:00

3 Commits