[PATCH 0 of 6] keyword: handle copy/rename; make regex stricter (2nd try)

Christian Ebert blacktrash at gmx.net
Mon Oct 4 16:02:19 UTC 2010 

Hi,

Refactoring the keyword extension, hopefully the final attempt to
cover all weird corner cases. Sorry for spaming the list so
often, but I believe these changes are enhancements that are
worth the trouble. Just tell me to shut up otherwise ;-)

2 security enhancements regarding unwanted keyword (un)expansion:

1) handle copying/renaming to a destination not configured for
   keyword expansion gracefully (2nd patch)
2) Stricter keyword detection by using 2 specific regular
   expressions which search either for unexpanded or expanded
   keywords only (6th patch)

Series in detail:

1. Refactor kwtemplar.overwrite() to prepare for the coming
   changes

Remove duplicate search or replace operations on keywor
(un)expansion.

Move weeding of expansion/shrink candidates outside overwrite().

2. Make copy and rename operations safer wrt keyword expansion.

Before files containing expanded keywords were copied/renamed
unaltered even to a destination ignored by the extension. If
these files were checked in the expanded keywords became
unintentionally part of the change history. I tend to consider
this as a long-standing bug in the extension, which should now be
fixed. This change unexpands all keywords in the copy/rename
destinations as the files are not yet versioned.

I don't think the wrapper for cmdutil.copy needs to be
write-locked as cmdutil.copy is "called with the repo lock held",
but I'm fine with being taught otherwise.

A weird corner case where "hg cp symlink dest" yields a different
result (symlink) as "cp symlink dest; hg cp -A symlink dest"
(regular file) is also covered and tested. However, I don't know
how cp behaves on other platforms and whether the test (only the
test) would break there.

3. Make iskwfile a weeding function which now takes a list of
   files and the context as argument.

4. Simplify kwfilelog.cmp() and avoid the import of revlog and
   fiddling with it.

5. Remove all remaining sed calls from the keyword tests.

3. Two regular expressions, one for "pure" keywords, one for
   expanded keywords.

"Loosely" formatted keywords, like $Id:  $ (before expansion) are
not allowed anymore -- an issue which cropped up at least once on
the wiki.

A crew repo with the series applied can be found here:
http://www.blacktrash.org/hg/hg-crew-mq/

c

More information about the Mercurial-devel mailing list