[PATCH 1 of 2 V2] ui: introduce an experimental dict of exportable environment variables

Yuya Nishihara yuya at tcha.org
Wed Jan 18 13:52:43 UTC 2017 

On Tue, 17 Jan 2017 23:50:46 -0500, Matt Harbison wrote:
> # HG changeset patch
> # User Matt Harbison <matt_harbison at yahoo.com>
> # Date 1484712312 18000
> #      Tue Jan 17 23:05:12 2017 -0500
> # Node ID 5a03e25ec0c0417e915b2014995bd83443ef97ec
> # Parent  923336cf8b8afdb41746ecef8a39d773bd5538bf
> ui: introduce an experimental dict of exportable environment variables

This looks good as an experimental implementation, so queued, thanks.
I found a few minor problems, which can be fixed later.

> Care needs to be taken to prevent leaking potentially sensitive environment
> variables through hgweb, if template support for environment variables is to be
> introduced.  There are a few ideas about the API for preventing accidental
> leaking [1].  Option 3 seems best from the POV of not needing to configure
> anything in the normal case.  I couldn't figure out how to do that, so guard it
> with an experimental option for now.
> 
> [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-January/092383.html

In addition to hgweb, we'll probably need to consider the case where hg
command is executed behind a third-party web application. A web frontend may
pass a revset provided by user for example, which seems a valid use case.

> --- a/mercurial/ui.py
> +++ b/mercurial/ui.py
> @@ -147,6 +147,15 @@
>  
>              self.httppasswordmgrdb = urlreq.httppasswordmgrwithdefaultrealm()
>  
> +        allowed = self.configlist('experimental', 'exportableenviron')
> +        if '*' in allowed:
> +            self._exportableenviron = self.environ
> +        else:
> +            self._exportableenviron = {}
> +            for k in allowed:
> +                if k in self.environ:
> +                    self._exportableenviron[k] = self.environ[k]

Perhaps s/self.environ/encoding.environ/ would be better since self.environ
can be a WSGI-request environ. (FWIW, I have no idea why we need to carry
around WSGI environ by ui.)

And we'll need to build the dict by fixconfig(), not by __init__().

More information about the Mercurial-devel mailing list