Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-06 21:35:46 +01:00
Code Issues Packages Projects Releases Activity
13,587 Commits 35 Branches 222 Tags
ca87bf766cdc70179cb2dce03015d78ec9c13ebd
Commit Graph

66 Commits

Author SHA1 Message Date
Toshi MARUYAMA
ca87bf766c mercurial: reject malicious command argument (#27516) 
We've got a security report from the Phabricator team, which basically says
--config and --debugger arguments can be injected anywhere to lead to an
arbitrary command execution.

https://secure.phabricator.com/rPa7921a4448093d00defa8bd18f35b8c8f8bf3314

This is a fundamental issue of the argument parsing rules in Mercurial, which
allows extensions to populate their parsing rules and such extensions can be
loaded by "--config extensions.<name>=". There's a chicken and egg problem.
We're working on hardening the parsing rules, but which won't come in by
default as it would be a behavior change.

This patch adds a verification to reject malicious command arguments as a
last ditch. The subsequent patches will fix the problem in more appropriate
way.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/trunk@17060 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-12-07 11:38:23 +00:00
Jean-Philippe Lang
7fd04e1f8d Update copyright. 
git-svn-id: http://svn.redmine.org/redmine/trunk@16685 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-06-25 08:40:31 +00:00
Jean-Philippe Lang
5a77904a91 Don't use assert_equal nil. 
git-svn-id: http://svn.redmine.org/redmine/trunk@16072 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-12-13 20:12:34 +00:00
Jean-Philippe Lang
cda9c63d9c Updates copyright for 2016. 
git-svn-id: http://svn.redmine.org/redmine/trunk@15238 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-13 10:30:10 +00:00
Jean-Philippe Lang
000124f44f Copyright update. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13872 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-01-11 09:09:50 +00:00
Jean-Philippe Lang
2d1866d966 Merged rails-4.1 branch (#14534). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13482 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-10-22 17:37:16 +00:00
Toshi MARUYAMA
e266ddb309 scm: mercurial: add one "closed" branch to test repository (#16177) 
git-svn-id: http://svn.redmine.org/redmine/trunk@12929 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-02-26 11:27:41 +00:00
Toshi MARUYAMA
5872d079e6 scm: mercurial: use long id in adapter level (#14361) 
git-svn-id: http://svn.redmine.org/redmine/trunk@12761 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-02-02 04:44:38 +00:00
Toshi MARUYAMA
d26b4fc5b7 scm: mercurial: add adapter entry test (#14361) 
git-svn-id: http://svn.redmine.org/redmine/trunk@12756 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-02-02 04:43:17 +00:00
Toshi MARUYAMA
f2ec6f8d77 back out r12752 (#14361) 
Revision, Author and Comment of repository browser are broken.

git-svn-id: http://svn.redmine.org/redmine/trunk@12753 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-02-01 08:46:47 +00:00
Toshi MARUYAMA
ae68ff1100 scm: mercurial: use long id in adapter level (#14361) 
git-svn-id: http://svn.redmine.org/redmine/trunk@12752 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-02-01 07:47:04 +00:00
Toshi MARUYAMA
35cc911192 update copyright year (#15977) 
Contributed by Daniel Felix.

git-svn-id: http://svn.redmine.org/redmine/trunk@12736 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-01-29 22:45:39 +00:00
Toshi MARUYAMA
596366b062 upgrade mocha 0.14 and remove deprecation warning 
<pre>
Mocha deprecation warning: Change `require 'mocha'` to `require 'mocha/setup'`.
</pre>

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11896 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2013-05-21 12:57:11 +00:00
Jean-Philippe Lang
e396a0eebe Copyright for 2013 (#12788). 
Patch by Daniel Felix.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11169 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2013-01-12 09:29:31 +00:00
Toshi MARUYAMA
17db2dca3d scm: mercurial: add test of diff from new to old revision to unit lib test 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10390 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2012-09-16 08:51:19 +00:00
Toshi MARUYAMA
c70bc540dd add copyright statement to test/unit/lib/redmine/scm/adapters/*.rb 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10378 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2012-09-14 21:40:45 +00:00
Toshi MARUYAMA
2b4549b3ea scm: mercurial: test: lib: update branches test for Branch class (#5501) 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7674 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-10-28 05:19:58 +00:00
Toshi MARUYAMA
613a056ed6 scm: mercurial: test: add test of parents to unit lib test (#5501) 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7667 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-10-28 04:57:43 +00:00
Toshi MARUYAMA
476c3d54b7 scm: mercurial: update test repository (#5501) 
This test repository has one merged revision.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7662 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-10-28 01:44:12 +00:00
Toshi MARUYAMA
81ef038587 scm: mercurial: drop supporting below Mercurial 1.1 (#9465) 
On November 1st 2011, Mercurial 2.0 will be released.

On Mercurial 1.1.2, unit lib test fails with following error.

<pre>
Traceback (most recent call last):
  File "/WEB-DOWN/hg-repo/hg-crew/hg", line 20, in <module>
    mercurial.dispatch.run()
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 20, in run
    sys.exit(dispatch(sys.argv[1:]))
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 29, in dispatch
    return _runcatch(u, args)
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 45, in _runcatch
    return _dispatch(ui, args)
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 367, in _dispatch
    ret = _runcommand(ui, options, cmd, d)
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 416, in _runcommand
    return checkargs()
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 376, in checkargs
    return cmdfunc()
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/dispatch.py", line 361, in <lambda>
    d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
  File "/WEB-DOWN/hg-repo/hg-crew/mercurial/util.py", line 715, in check
    return func(*args, **kwargs)
  File "/REDMINE-1/hg-workdir/redmine-bb-all/lib/redmine/scm/adapters/mercurial/redminehelper.py", line 149, in rhlog
    if hg.util.version() >= '1.6':
AttributeError: 'module' object has no attribute 'version'

  1) Error:
test_nodes_in_branch(MercurialAdapterTest):
Redmine::Scm::Adapters::MercurialAdapter::HgCommandAborted: hg exited with non-zero status: 1
    lib/redmine/scm/adapters/mercurial_adapter.rb:306:in `hg'
    lib/redmine/scm/adapters/mercurial_adapter.rb:234:in `nodes_in_branch'
    test/unit/lib/redmine/scm/adapters/mercurial_adapter_test.rb:311:in `test_nodes_in_branch'
    test/unit/lib/redmine/scm/adapters/mercurial_adapter_test.rb:304:in `each'
    test/unit/lib/redmine/scm/adapters/mercurial_adapter_test.rb:304:in `test_nodes_in_branch'
</pre>

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7650 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-10-25 06:10:12 +00:00
Toshi MARUYAMA
74cbbd38d0 scm: mercurial: skip failing unit lib tests on below Mercurial 1.5 (#9465) 
Tests of non ASCII nor alphabetic nor numeric *named branch* fails on below Mercurial 1.5.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7642 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-10-24 09:32:38 +00:00
Toshi MARUYAMA
3baabca8f2 scm: mercurial: replace RAILS_ROOT to Rails.root in unit adapter test. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6050 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-06-10 11:09:50 +00:00
Toshi MARUYAMA
c9a3d925ca scm: mercurial: add unit adapter test of default path_encoding is UTF-8 (#2664). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5869 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-05-21 02:38:56 +00:00
Toshi MARUYAMA
1f0ddc3199 scm: mercurial: code clean up unit adapter test. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5826 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-05-18 02:18:25 +00:00
Toshi MARUYAMA
e5606c8d32 scm: mercurial: remove trailing white-spaces from unit adapter test. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5781 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-05-13 06:17:34 +00:00
Toshi MARUYAMA
46d970a552 scm: mercurial: add client command tests at unit adapter test (#4273). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5361 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-04-08 04:53:11 +00:00
Toshi MARUYAMA
bb2aec653d scm: mercurial: code clean up unit adapter test. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5359 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-04-08 04:40:48 +00:00
Toshi MARUYAMA
cbe59c5990 scm: mercurial: add test of non ASCII named branch in unit adapter test (#7246). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5115 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-14 04:55:20 +00:00
Toshi MARUYAMA
5abec74de3 scm: mercurial: add test of non ASCII tag in unit adapter test (#1981). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5114 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-14 04:55:03 +00:00
Toshi MARUYAMA
5edc631791 scm: mercurial: prepare test of wrapping revision of cat and annotate with URL encoding (#1981, #7246). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5113 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-14 04:54:45 +00:00
Toshi MARUYAMA
d48a7e148e scm: mercurial: remove unused parameters from "nodes_in_branch()" method in adapter (#7246, #4455). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5108 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-13 15:03:05 +00:00
Toshi MARUYAMA
72d6b2c8df scm: mercurial: add tests for "nodes_in_branch()" method in adapter (#7246, #4455). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5103 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-13 10:52:03 +00:00
Toshi MARUYAMA
d5b268129c scm: mercurial: add latin-1 encoding directory to test repository (#2664). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5059 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-08 10:35:48 +00:00
Toshi MARUYAMA
d8e1af6156 scm: mercurial: add unit adapter test repository for path contains space (#2664, #4455). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4998 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-04 08:08:13 +00:00
Toshi MARUYAMA
53249469a0 scm: mercurial: update test repository for path contains space (#2664, #4455). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4997 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-04 08:07:53 +00:00
Toshi MARUYAMA
b7dffa44c9 scm: mercurial: update test repository for path encoding (#2664). 
Mercurial (and also Git) treats file names as byte string.
This mercurial test repository contains Latin-1 encoding path.
Be careful on non Latin-1(CP1252) Windows.

If your Windows is not Latin-1 Windows,
in order to checkout(update) Latin-1 path,
You need to use cygwin 1.7 and set LANG=en_US.ISO-8859-1.

Please refer.
http://mercurial.selenic.com/wiki/EncodingStrategy?action=recall&rev=6

Redmine mercurial adapter do not need to checkout(update) repository.
Mercurial does not have "bare" repository such as Git.
You can use "hg update null" for equivalent "bare" repository.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4996 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-03-04 04:25:48 +00:00
Toshi MARUYAMA
0833abd9e5 scm: mercurial: unit test for named branches at adapter (#7246). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4875 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 07:15:58 +00:00
Toshi MARUYAMA
8c9be39350 scm: mercurial: unit test for tags at adapter (#1981). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4873 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 07:15:13 +00:00
Toshi MARUYAMA
d393306a0c scm: mercurial: entries unit lib test for named branch (#7246). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4867 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 05:00:07 +00:00
Toshi MARUYAMA
b6f12e28d7 scm: mercurial: entries unit lib test for tag (#1981). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4866 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 04:59:45 +00:00
Toshi MARUYAMA
55fdc23981 scm: mercurial: remove "TODO" comment and fix indent of unit lib test. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4865 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 04:20:40 +00:00
Toshi MARUYAMA
628130ef5c scm: mercurial: unit lib test for entries (#3421). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4864 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 04:13:40 +00:00
Toshi MARUYAMA
a3a9661da6 scm: mercurial: move entries unit test from app to lib. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4863 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 04:13:17 +00:00
Toshi MARUYAMA
17f1b1d0bc scm: mercurial: fix unit lib test_info test fails on Windows. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4862 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-18 00:58:08 +00:00
Toshi MARUYAMA
05210f18ed scm: mercurial: set instance value flag of whether "hg diff -c" supports true at tests (#7518). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4855 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-16 11:18:18 +00:00
Toshi MARUYAMA
671b16f898 scm: mercurial: add instance value flag of whether "hg diff -c" supports at tests (#7518). 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4853 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-16 11:17:37 +00:00
Toshi MARUYAMA
08ed9cb5d5 scm: mercurial: change identifier to revision in fetching revisions. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4847 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-16 07:31:52 +00:00
Toshi MARUYAMA
4fe8259017 scm: mercurial: rewrite MercurialAdapter#info by using helper extention (#4455). 
Contributed by Yuya Nishihara.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4846 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-16 04:41:30 +00:00
Toshi MARUYAMA
202ebe1d12 scm: mercurial: add compatible test for "revisions" method. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4843 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-16 03:47:27 +00:00
Toshi MARUYAMA
a6fad1eb66 scm: mercurial: add compatible test for "info" method. 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4838 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2011-02-16 01:13:49 +00:00