Mercurial > kallithea

changeset 8766:c3b6ad713a0f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hg: make sure _check_url only accept the protocols accepted by is_valid_repo_uri Avoid unnecessary flexibility, ambiguity, and complexity. This is similar to what 3ea3d3a2b3e3 did for Git.
author Mads Kiilerich <mads@kiilerich.com>
date Thu, 03 Dec 2020 11:16:44 +0100
parents d2f59de17bef
children 817dcce30d67
files kallithea/lib/vcs/backends/hg/repository.py
diffstat 1 files changed, 19 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/lib/vcs/backends/hg/repository.py	Thu Dec 03 11:16:44 2020 +0100
+++ b/kallithea/lib/vcs/backends/hg/repository.py	Thu Dec 03 11:16:44 2020 +0100
@@ -298,6 +298,18 @@
         Traceback (most recent call last):
         ...
         urllib.error.URLError: <urlopen error Error parsing URL: 'http://example.com:65537/repo'>
+        >>> MercurialRepository._check_url('foo')
+        Traceback (most recent call last):
+        ...
+        urllib.error.URLError: <urlopen error Unsupported protocol in URL 'foo'>
+        >>> MercurialRepository._check_url('git+ssh://example.com/my%20fine repo')
+        Traceback (most recent call last):
+        ...
+        urllib.error.URLError: <urlopen error Unsupported protocol in URL 'git+ssh://example.com/my%20fine repo'>
+        >>> MercurialRepository._check_url('svn+http://example.com/repo')
+        Traceback (most recent call last):
+        ...
+        urllib.error.URLError: <urlopen error Unsupported protocol in URL 'svn+http://example.com/repo'>
         """
         try:
             parsed_url = urllib.parse.urlparse(url)
@@ -306,10 +318,13 @@
             raise urllib.error.URLError("Error parsing URL: %r" % url)
 
         # check first if it's not an local url
-        if os.path.isdir(url) or parsed_url.scheme == 'file':
+        if os.path.isabs(url) and os.path.isdir(url) or parsed_url.scheme == 'file':
             # When creating repos, _get_url will use file protocol for local paths
             return
 
+        if parsed_url.scheme not in ['http', 'https', 'ssh', 'git+http', 'git+https']:
+            raise urllib.error.URLError("Unsupported protocol in URL %r" % url)
+
         url = safe_bytes(url)
 
         if parsed_url.scheme == 'ssh':
@@ -318,9 +333,8 @@
             mercurial.sshpeer.instance(repoui or mercurial.ui.ui(), url, False).lookup(b'tip')
             return
 
-        url_prefix = None
-        if '+' in parsed_url.scheme:
-            url_prefix, url = url.split(b'+', 1)
+        if '+' in parsed_url.scheme:  # strip 'git+' for hg-git URLs
+            url = url.split(b'+', 1)[1]
 
         url_obj = mercurial.util.url(url)
         test_uri, handlers = get_urllib_request_handlers(url_obj)
@@ -349,7 +363,7 @@
             # means it cannot be cloned
             raise urllib.error.URLError("[%s] org_exc: %s" % (cleaned_uri, e))
 
-        if not url_prefix: # skip git+http://... etc
+        if parsed_url.scheme in ['http', 'https']:  # skip git+http://... etc
             # now check if it's a proper hg repo
             try:
                 mercurial.httppeer.instance(repoui or mercurial.ui.ui(), url, False).lookup(b'tip')