mercurial-scm/hg: mercurial/revset.py comparison

revset: add a whitelist of DoS-safe symbols 'Safe' here means that they can't be used for a DoS attack for any given input.

author	Alexander Plavin <alexander@plav.in>
date	Fri, 06 Sep 2013 13:30:56 +0400
parents	f0b992a9be9c
children	61a47fd64f30

comparison

equal deleted inserted replaced

-:f0b992a9be9c
+:d8ca6d965230
 "user": user,
 "unstable": unstable,
 "_list": _list,
 }
+# symbols which can't be used for a DoS attack for any given input
+# (e.g. those which accept regexes as plain strings shouldn't be included)
+# functions that just return a lot of changesets (like all) don't count here
+safesymbols = set([
+"adds",
+"all",
+"ancestor",
+"ancestors",
+"_firstancestors",
+"author",
+"bisect",
+"bisected",
+"bookmark",
+"branch",
+"branchpoint",
+"bumped",
+"bundle",
+"children",
+"closed",
+"converted",
+"date",
+"desc",
+"descendants",
+"_firstdescendants",
+"destination",
+"divergent",
+"draft",
+"extinct",
+"extra",
+"file",
+"filelog",
+"first",
+"follow",
+"_followfirst",
+"head",
+"heads",
+"hidden",
+"id",
+"keyword",
+"last",
+"limit",
+"_matchfiles",
+"max",
+"merge",
+"min",
+"modifies",
+"obsolete",
+"origin",
+"outgoing",
+"p1",
+"p2",
+"parents",
+"present",
+"public",
+"remote",
+"removes",
+"rev",
+"reverse",
+"roots",
+"sort",
+"secret",
+"matching",
+"tag",
+"tagged",
+"user",
+"unstable",
+"_list",
+])
 methods = {
 "range": rangeset,
 "dagrange": dagrange,
 "string": stringset,
 "symbol": symbolset,

Mercurial > public > mercurial-scm > hg