Patchwork [5,of,7] remotedebug: introduce config to control who can use the debug capabilities

Submitter Paul Morelle
Date June 20, 2018, 4:36 p.m.
Message ID <fd3f8738e2ca4308a8a8.1529512586@belenos.localdomain>
Permalink /patch/32348/
State Accepted

Comments

Paul Morelle - June 20, 2018, 4:36 p.m.
# HG changeset patch
# User Boris Feld <boris.feld@octobus.net>
# Date 1529430801 -7200
#      Tue Jun 19 19:53:21 2018 +0200
# Node ID fd3f8738e2ca4308a8a8f9e21cc05bb97a7200db
# Parent  1130b3e74a6e618dfca6b19988881c004a304091
# EXP-Topic remote-debug
# Available At https://bitbucket.org/octobus/mercurial-devel/
#              hg pull https://bitbucket.org/octobus/mercurial-devel/ -r fd3f8738e2ca
remotedebug: introduce config to control who can use the debug capabilities

Providing config output to anyone might expose unwanted information. We now
require users to be explicitly white-listed.

The '*' value allows anyone to use the feature.
This is similar to the 'http.allow_push' config.

Patch

diff -r 1130b3e74a6e -r fd3f8738e2ca mercurial/configitems.py
--- a/mercurial/configitems.py	Wed Jun 20 11:57:58 2018 +0200
+++ b/mercurial/configitems.py	Tue Jun 19 19:53:21 2018 +0200
@@ -948,6 +948,9 @@ 
 coreconfigitem('server', 'preferuncompressed',
     default=False,
 )
+coreconfigitem('server', 'allow-remote-debug',
+    default=list,
+)
 coreconfigitem('server', 'streamunbundle',
     default=False,
 )
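Review bot: the new `allow-remote-debug` item sits between `preferuncompressed` and `streamunbundle`; if the `server` items are kept in alphabetical order, as these two neighbours suggest, it belongs further up. The `default=list` choice is the right one for an allowlist, since an unset option yields an empty list and the check in dispatch.py then denies everyone.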
diff -r 1130b3e74a6e -r fd3f8738e2ca mercurial/dispatch.py
--- a/mercurial/dispatch.py	Wed Jun 20 11:57:58 2018 +0200
+++ b/mercurial/dispatch.py	Tue Jun 19 19:53:21 2018 +0200
@@ -292,9 +292,12 @@ 
                 req.args[3] != '--stdio'):
                 unsafe()
             other_args = req.args[4:]
+            rd_access = req.ui.configlist('server', 'allow-remote-debug')
+            user = util.username()
+            if not ('*' in rd_access or user in rd_access) and other_args:
+                unsafe()
             while other_args:
                 if other_args[0] == '--debug':
-                    # TODO: introduce user restriction
                     other_args.pop(0)
                 else:
                     unsafe()
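Review bot: the allowlist test at `if not ('*' in rd_access or user in rd_access) and other_args:` is only safe if `req.ui` carries no repository-level configuration at this point, and nothing in the hunk says so. The help text in this patch promises that a repository-level value is ignored, so a short comment here stating why `req.ui` cannot contain the repository hgrc would keep a later refactoring from letting anyone with write access to a repository add themselves to the list. It is also worth a comment that `util.username()` is the OS account the server process runs as, not anything the client sends, so all clients sharing one SSH account are allowed or denied together. Pulling the condition into a named boolean such as `allowed` would make the `not (...) and other_args` precedence easier to read.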
diff -r 1130b3e74a6e -r fd3f8738e2ca mercurial/help/config.txt
--- a/mercurial/help/config.txt	Wed Jun 20 11:57:58 2018 +0200
+++ b/mercurial/help/config.txt	Tue Jun 19 19:53:21 2018 +0200
@@ -1750,6 +1750,14 @@ 
 
 Controls generic server settings.
 
+``allow-remote-debug``
+    List of Users allowed to display extra debug information when talking to the
+    server. If the special value ``*`` is used, all users will be allowed to do
+    so.
+
+    Note: the config set at the repository level will be ignored. It needs to be
+    set at user or system level.
+
 ``bookmarks-pushkey-compat``
     Trigger pushkey hook when being pushed bookmark updates. This config exist
     for compatibility purpose (default to True)
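Review bot: the new `allow-remote-debug` entry states neither its default nor which user name is compared against the list. Since configitems.py registers it with `default=list`, the text should say that the default is empty and that nobody is allowed in that case, and it should say that the name checked is the account running `hg serve --stdio` on the server side. "Users" in "List of Users allowed" should be lowercase.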
diff -r 1130b3e74a6e -r fd3f8738e2ca tests/test-remote-debugging.t
--- a/tests/test-remote-debugging.t	Wed Jun 20 11:57:58 2018 +0200
+++ b/tests/test-remote-debugging.t	Tue Jun 19 19:53:21 2018 +0200
@@ -58,6 +58,34 @@ 
 Test basic remote debug output
 ------------------------------
 
+Without the config allowing it
+``````````````````````````````
+
+  $ hg pull --config "devel.remote.debug=yes"
+  pulling from ssh://user@dummy/remote/
+  remote: abort: potentially unsafe serve --stdio invocation: ['-R', 'remote/', 'serve', '--stdio', '--debug']
+  abort: no suitable response from remote hg!
+  [255]
+
+  $ cat >> $HGRCPATH << EOF
+  > [server]
+  > allow-remote-debug=nonexistant-user
+  > EOF
+
+  $ hg pull --config "devel.remote.debug=yes"
+  pulling from ssh://user@dummy/remote/
+  remote: abort: potentially unsafe serve --stdio invocation: ['-R', 'remote/', 'serve', '--stdio', '--debug']
+  abort: no suitable response from remote hg!
+  [255]
+
+With the config allowing it
+``````````````````````````
+
+  $ cat >> $HGRCPATH << EOF
+  > [server]
+  > allow-remote-debug=*
+  > EOF
+
   $ hg pull --config "devel.remote.debug=yes"
   pulling from ssh://user@dummy/remote/
   searching for changes
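Review bot: the added cases cover an unset option, a non-matching name and `*`, but none where the list names the connecting user, so the `user in rd_access` branch of the dispatch.py check is never exercised with a positive result. A case that sets `allow-remote-debug` to the account the dummy ssh server runs as would cover it, and a case that sets the option only in the repository's hgrc and still expects the abort would back the "config set at the repository level will be ignored" note in the help text. `nonexistant-user` should be spelled `nonexistent-user`.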