Patchwork [3,of,4,V5] revset: add a whitelist of DoS-safe symbols

Submitter Alexander Plavin
Date Sept. 6, 2013, 9:35 a.m.
Message ID <4bd88d1333e7851b51a5.1378460136@debian-alexander.dolgopa>
Permalink /patch/2391/
State Accepted
Commit d8ca6d965230f80f06c7c7d9fe481953f3f1c2f0

Comments

Alexander Plavin - Sept. 6, 2013, 9:35 a.m.
# HG changeset patch
# User Alexander Plavin <alexander@plav.in>
# Date 1378459856 -14400
#      Fri Sep 06 13:30:56 2013 +0400
# Node ID 4bd88d1333e7851b51a5cfb897cb441ffa259ccb
# Parent  138d070c10757609493168d01da01b763e561f05
revset: add a whitelist of DoS-safe symbols

'Safe' here means that they can't be used for a DoS attack for any given input.

Patch

diff -r 138d070c1075 -r 4bd88d1333e7 mercurial/revset.py
--- a/mercurial/revset.py	Wed Aug 07 01:21:31 2013 +0400
+++ b/mercurial/revset.py	Fri Sep 06 13:30:56 2013 +0400
@@ -1609,6 +1609,75 @@ 
     "_list": _list,
 }
 
+# symbols which can't be used for a DoS attack for any given input
+# (e.g. those which accept regexes as plain strings shouldn't be included)
+# functions that just return a lot of changesets (like all) don't count here
+safesymbols = set([
+    "adds",
+    "all",
+    "ancestor",
+    "ancestors",
+    "_firstancestors",
+    "author",
+    "bisect",
+    "bisected",
+    "bookmark",
+    "branch",
+    "branchpoint",
+    "bumped",
+    "bundle",
+    "children",
+    "closed",
+    "converted",
+    "date",
+    "desc",
+    "descendants",
+    "_firstdescendants",
+    "destination",
+    "divergent",
+    "draft",
+    "extinct",
+    "extra",
+    "file",
+    "filelog",
+    "first",
+    "follow",
+    "_followfirst",
+    "head",
+    "heads",
+    "hidden",
+    "id",
+    "keyword",
+    "last",
+    "limit",
+    "_matchfiles",
+    "max",
+    "merge",
+    "min",
+    "modifies",
+    "obsolete",
+    "origin",
+    "outgoing",
+    "p1",
+    "p2",
+    "parents",
+    "present",
+    "public",
+    "remote",
+    "removes",
+    "rev",
+    "reverse",
+    "roots",
+    "sort",
+    "secret",
+    "matching",
+    "tag",
+    "tagged",
+    "user",
+    "unstable",
+    "_list",
+])
+
 methods = {
     "range": rangeset,
     "dagrange": dagrange,
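Review bot: The set vets function names only, so the guarantee stated in the comment above `safesymbols` does not hold for any listed predicate that interprets its string argument as a pattern. I believe several entries (`branch`, `bookmark`, `tag`, `user`/`author`) accept a `re:`-prefixed argument in this version of revset.py, though their implementations are outside the hunk; if so, a caller that uses this set to screen untrusted queries still has to reject such arguments itself. I would state that in the comment, e.g. `# NOTE: only function names are vetted; callers must also reject 're:'-prefixed string arguments`. The list also repeats keys of `symbols` by hand, so a test checking that `safesymbols` is a subset of the `symbols` keys would catch a stale entry after a rename or removal.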