changeset 7125:2a96678c8cd9

Merge stable
author Mads Kiilerich <mads@kiilerich.com>
date Sat, 10 Feb 2018 19:10:39 +0100
parents 8f30206a15b5 (current diff) 55d2b08d9c44 (diff)
children 5c0dc6fe1e40
files kallithea/lib/paster_commands/setup_db.py kallithea/lib/vcs/backends/git/repository.py kallithea/lib/vcs/backends/hg/repository.py kallithea/public/images/manifest.json kallithea/tests/functional/test_login.py kallithea/tests/vcs/test_git.py kallithea/tests/vcs/test_hg.py
diffstat 7 files changed, 99 insertions(+), 3 deletions(-) [+]
--- a/kallithea/lib/paster_commands/setup_db.py	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/lib/paster_commands/setup_db.py	Sat Feb 10 19:10:39 2018 +0100
@@ -102,3 +102,5 @@
         dbmanage.create_permissions()
         dbmanage.populate_default_permissions()
         Session().commit()
+
+        print 'Database set up successfully.'
--- a/kallithea/lib/vcs/backends/git/repository.py	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/lib/vcs/backends/git/repository.py	Sat Feb 10 19:10:39 2018 +0100
@@ -587,8 +587,30 @@
         :param ignore_whitespace: If set to ``True``, would not show whitespace
           changes. Defaults to ``False``.
         :param context: How many lines before/after changed lines should be
-          shown. Defaults to ``3``.
+          shown. Defaults to ``3``. Due to limitations in Git, if
+          value passed-in is greater than ``2**31-1``
+          (``2147483647``), it will be set to ``2147483647``
+          instead. If negative value is passed-in, it will be set to
+          ``0`` instead.
         """
+
+        # Git internally uses a signed long int for storing context
+        # size (number of lines to show before and after the
+        # differences). This can result in integer overflow, so we
+        # ensure the requested context is smaller by one than the
+        # number that would cause the overflow. It is highly unlikely
+        # that a single file will contain that many lines, so this
+        # kind of change should not cause any realistic consequences.
+        overflowed_long_int = 2**31
+
+        if context >= overflowed_long_int:
+            context = overflowed_long_int - 1
+
+        # Negative context values make no sense, and will result in
+        # errors. Ensure this does not happen.
+        if context < 0:
+            context = 0
+
         flags = ['-U%s' % context, '--full-index', '--binary', '-p', '-M', '--abbrev=40']
         if ignore_whitespace:
             flags.append('-w')
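Review bot: The two clamps added before `flags = ['-U%s' % context, ...]` compare `context` as given and never make it an integer, so the `-U` flag is only as well-formed as the caller's value. This tree looks like Python 2 (the `print` statement in the setup_db.py hunk), where comparing a string or `None` with an int does not raise, so a non-numeric value would be silently clamped to one of the bounds and a float would be formatted as e.g. `-U3.5`. Consider normalising first with `context = min(max(int(context), 0), 2**31 - 1)`, and decide whether the resulting `ValueError`/`TypeError` should propagate to the caller. The same applies to the `if context < 0:` check in the hg/repository.py hunk. The comment says "signed long int" while the limit used is that of a 32-bit signed integer, which is worth rewording; get_diff's body starts and ends outside the hunk.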
--- a/kallithea/lib/vcs/backends/hg/repository.py	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/lib/vcs/backends/hg/repository.py	Sat Feb 10 19:10:39 2018 +0100
@@ -243,8 +243,15 @@
         :param ignore_whitespace: If set to ``True``, would not show whitespace
           changes. Defaults to ``False``.
         :param context: How many lines before/after changed lines should be
-          shown. Defaults to ``3``.
+          shown. Defaults to ``3``. If negative value is passed-in, it will be
+          set to ``0`` instead.
         """
+
+        # Negative context values make no sense, and will result in
+        # errors. Ensure this does not happen.
+        if context < 0:
+            context = 0
+
         if hasattr(rev1, 'raw_id'):
             rev1 = getattr(rev1, 'raw_id')
 
--- a/kallithea/public/images/manifest.json	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/public/images/manifest.json	Sat Feb 10 19:10:39 2018 +0100
@@ -15,4 +15,4 @@
     "theme_color": "#ffffff",
     "background_color": "#ffffff",
     "display": "standalone"
-}
\ No newline at end of file
+}
--- a/kallithea/tests/functional/test_login.py	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/tests/functional/test_login.py	Sat Feb 10 19:10:39 2018 +0100
@@ -144,6 +144,13 @@
 
         response.mustcontain('Invalid username or password')
 
+    def test_login_non_ascii(self):
+        response = self.app.post(url(controller='login', action='index'),
+                                 {'username': TEST_USER_REGULAR_LOGIN,
+                                  'password': 'blåbærgrød'})
+
+        response.mustcontain('>Invalid username or password<')
+
     # verify that get arguments are correctly passed along login redirection
 
     @parametrize('args,args_encoded', [
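Review bot: `test_login_non_ascii` only exercises the rejection path, a wrong non-ASCII password for an existing user, and has no comment saying which failure it guards against. If the intent is that non-ASCII credentials must not crash the login form, state it, e.g. `# non-ASCII password must be rejected cleanly, not raise an encoding error`. A companion case where the stored password itself is non-ASCII would also cover the comparison path with a matching hash. How the literal `'blåbærgrød'` is typed depends on the file's coding declaration, which is outside the hunk.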
--- a/kallithea/tests/vcs/test_git.py	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/tests/vcs/test_git.py	Sat Feb 10 19:10:39 2018 +0100
@@ -709,6 +709,46 @@
             ['diff', '-U3', '--full-index', '--binary', '-p', '-M', '--abbrev=40',
              self.repo._get_revision(0), self.repo._get_revision(1), '--', 'foo'])
 
+    def test_get_diff_does_not_sanitize_valid_context(self):
+        almost_overflowed_long_int = 2**31-1
+
+        self.repo.run_git_command = mock.Mock(return_value=['', ''])
+        self.repo.get_diff(0, 1, 'foo', context=almost_overflowed_long_int)
+        self.repo.run_git_command.assert_called_once_with(
+            ['diff', '-U' + str(almost_overflowed_long_int), '--full-index', '--binary', '-p', '-M', '--abbrev=40',
+             self.repo._get_revision(0), self.repo._get_revision(1), '--', 'foo'])
+
+    def test_get_diff_sanitizes_overflowing_context(self):
+        overflowed_long_int = 2**31
+        sanitized_overflowed_long_int = overflowed_long_int-1
+
+        self.repo.run_git_command = mock.Mock(return_value=['', ''])
+        self.repo.get_diff(0, 1, 'foo', context=overflowed_long_int)
+
+        self.repo.run_git_command.assert_called_once_with(
+            ['diff', '-U' + str(sanitized_overflowed_long_int), '--full-index', '--binary', '-p', '-M', '--abbrev=40',
+             self.repo._get_revision(0), self.repo._get_revision(1), '--', 'foo'])
+
+    def test_get_diff_does_not_sanitize_zero_context(self):
+        zero_context = 0
+
+        self.repo.run_git_command = mock.Mock(return_value=['', ''])
+        self.repo.get_diff(0, 1, 'foo', context=zero_context)
+
+        self.repo.run_git_command.assert_called_once_with(
+            ['diff', '-U' + str(zero_context), '--full-index', '--binary', '-p', '-M', '--abbrev=40',
+             self.repo._get_revision(0), self.repo._get_revision(1), '--', 'foo'])
+
+    def test_get_diff_sanitizes_negative_context(self):
+        negative_context = -10
+
+        self.repo.run_git_command = mock.Mock(return_value=['', ''])
+        self.repo.get_diff(0, 1, 'foo', context=negative_context)
+
+        self.repo.run_git_command.assert_called_once_with(
+            ['diff', '-U0', '--full-index', '--binary', '-p', '-M', '--abbrev=40',
+             self.repo._get_revision(0), self.repo._get_revision(1), '--', 'foo'])
+
 
 class TestGitRegression(_BackendTestMixin):
     backend_alias = 'git'
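Review bot: `test_get_diff_sanitizes_negative_context` uses `-10`, which leaves the boundary next to zero unpinned: an off-by-one such as `context < -1` in get_diff would still pass. `negative_context = -1` would pin it; the upper side already tests both `2**31-1` and `2**31`. The same `-10` appears in the test_hg.py hunk. As a matter of style, the four tests differ only in the input and the expected `-U` value and could be one parametrized test.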
--- a/kallithea/tests/vcs/test_hg.py	Sat Feb 03 11:12:13 2018 +0100
+++ b/kallithea/tests/vcs/test_hg.py	Sat Feb 10 19:10:39 2018 +0100
@@ -1,6 +1,7 @@
 import os
 
 import pytest
+import mock
 
 from kallithea.lib.utils2 import safe_str
 from kallithea.lib.vcs.backends.hg import MercurialRepository, MercurialChangeset
@@ -236,6 +237,23 @@
         assert node.kind == NodeKind.FILE
         assert node.content == readme
 
+    @mock.patch('kallithea.lib.vcs.backends.hg.repository.diffopts')
+    def test_get_diff_does_not_sanitize_zero_context(self, mock_diffopts):
+        zero_context = 0
+
+        self.repo.get_diff(0, 1, 'foo', context=zero_context)
+
+        mock_diffopts.assert_called_once_with(git=True, showfunc=True, ignorews=False, context=zero_context)
+
+    @mock.patch('kallithea.lib.vcs.backends.hg.repository.diffopts')
+    def test_get_diff_sanitizes_negative_context(self, mock_diffopts):
+        negative_context = -10
+        zero_context = 0
+
+        self.repo.get_diff(0, 1, 'foo', context=negative_context)
+
+        mock_diffopts.assert_called_once_with(git=True, showfunc=True, ignorews=False, context=zero_context)
+
 
 class TestMercurialChangeset(object):