[PATCH] templater: add 'env()' to fetch environment variables
Yuya Nishihara
yuya at tcha.org
Tue Jan 17 14:06:59 UTC 2017
On Mon, 16 Jan 2017 22:28:17 -0500, Matt Harbison wrote:
> On Mon, 16 Jan 2017 07:25:24 -0500, Yuya Nishihara <yuya at tcha.org> wrote:
> > On Sun, 15 Jan 2017 15:30:56 -0500, Matt Harbison wrote:
> >> # HG changeset patch
> >> # User Matt Harbison <matt_harbison at yahoo.com>
> >> # Date 1484508143 18000
> >> # Sun Jan 15 14:22:23 2017 -0500
> >> # Node ID 2ba757de67ce1347d088a4d9f947efe5d407ffdd
> >> # Parent 4c0a5a256ae806fab18d56b3c44a8d1c98a40ce0
> >> templater: add 'env()' to fetch environment variables
> @templatekeyword('environ')
> def showenviron(**args):
>     """A dictionary of environment variables."""
>
>     env = encoding.environ
>     env = util.sortdict((k, env[k]) for k in sorted(env))
>     makemap = lambda k: {'key': k, 'value': env[k]}
>     c = [makemap(k) for k in env]
>     f = _showlist('environ', c, **args)
>     return _hybrid(f, env, makemap,
>                    lambda x: '%s=%s' % (x['key'], x['value']))

As I pointed out in another thread, there's a security concern. We have to
be careful to not expose the environ data to malicious users via e.g. hgweb.
I agreed with marmoute on IRC we should shape the APIs so we would never
give access to the environ dict by mistake.

Here are some ideas:

 a) list accessible environment variables explicitly by config
    e.g. --config ui.accessibleenvironintemplate=BUILD_ID,BUILD_TYPE
 b) define template variables by config (somewhat similar to [extdata])
    e.g. [exttemplatevariables]
         # $var will be expanded
         build_id = $BUILD_ID
         build_type = $BUILD_TYPE
 c) add API to access environment variables that can be exported
    e.g. ui.exportableenviron = environ.environ  # by default
                              = {}  # by hgweb

Thoughts?
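
Added example (not part of the original message and not Mercurial code): a standalone Python sketch combining ideas (a) and (c) above, an explicit allowlist plus an always-empty view for web contexts. The names ExportableEnviron, parse_allowlist, template_environ and render_environ, the web flag, and the sample environment are assumptions made for illustration.

```python
from collections.abc import Mapping


def parse_allowlist(value):
    """Split a comma-separated config value into a set of variable names."""
    return frozenset(name.strip() for name in value.split(',') if name.strip())


class ExportableEnviron(Mapping):
    """Read-only view holding only the allowlisted variables.

    Values are copied at construction, so template code holding this object
    has no reference back to the full environment mapping.
    """

    def __init__(self, environ, allowed=()):
        self._data = {k: environ[k] for k in sorted(allowed) if k in environ}

    def __getitem__(self, key):
        return self._data[key]

    def __iter__(self):
        return iter(self._data)

    def __len__(self):
        return len(self._data)


def template_environ(environ, config_value, web=False):
    """Build the view handed to templates; web contexts always get an empty one."""
    if web:
        return ExportableEnviron(environ)
    return ExportableEnviron(environ, parse_allowlist(config_value))


def render_environ(view):
    """Join the visible entries as KEY=VALUE lines, one per variable."""
    return '\n'.join('%s=%s' % (k, v) for k, v in view.items())


# Constructed sample environment (values are made up for this example).
SAMPLE_ENV = {
    'BUILD_ID': '1234',
    'BUILD_TYPE': 'nightly',
    'DB_PASSWORD': 'constructed-placeholder',
    'HOME': '/home/builder',
}

if __name__ == '__main__':
    print(render_environ(template_environ(SAMPLE_ENV, 'BUILD_ID,BUILD_TYPE')))
```

With this shape, a template that iterates the view can only ever see the allowlisted names, and a web frontend sees nothing even if the allowlist is set.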