diff options
author | W. Trevor King <wking@drexel.edu> | 2009-11-21 15:06:10 -0500 |
---|---|---|
committer | W. Trevor King <wking@drexel.edu> | 2009-11-21 15:06:10 -0500 |
commit | f3de7e1a6d07b5488fd3c9e01caba53216e612d2 (patch) | |
tree | 9ad63d3c5e960271eac24b13e94df741dca74f43 /libbe/cmdutil.py | |
parent | 64cb5e5ec672cd357bc66a8480465e531db25f52 (diff) | |
parent | 614d4e40e148520ac511cbe0606bcbdcf24c8a08 (diff) | |
download | bugseverywhere-f3de7e1a6d07b5488fd3c9e01caba53216e612d2.tar.gz |
Merged mostly completed `be email-bugs'.
Highlights:
* new be commands 'email-bugs' and 'import-xml'
* standardized <be-xml> format for XML files.
* new be-handle-mail interface '[be-bug:xml]'
* restrict_file_access security patch
* new subprocess handling submodule libbe.subproc
* test.py adjusted to use an installed VCS for most tests.
* assorted bugfixes
Altered interfaces to the following be commands:
* comment --xml tag gone, use import-xml.
* show --xml xml format updated to <be-xml> format.
Also adjusted be-mbox-to-xml and be-xml-to-mbox to handle new <be-xml>
format and provide better handling of *.extra_strings.
Diffstat (limited to 'libbe/cmdutil.py')
-rw-r--r-- | libbe/cmdutil.py | 80 |
1 files changed, 75 insertions, 5 deletions
diff --git a/libbe/cmdutil.py b/libbe/cmdutil.py index f1c8acd..e37750d 100644 --- a/libbe/cmdutil.py +++ b/libbe/cmdutil.py @@ -30,10 +30,10 @@ import sys import doctest import bugdir +import comment import plugin import encoding - class UserError(Exception): def __init__(self, msg): Exception.__init__(self, msg) @@ -76,11 +76,12 @@ def get_command(command_name): return cmd -def execute(cmd, args, manipulate_encodings=True): +def execute(cmd, args, manipulate_encodings=True, restrict_file_access=False): enc = encoding.get_encoding() cmd = get_command(cmd) ret = cmd.execute([a.decode(enc) for a in args], - manipulate_encodings=manipulate_encodings) + manipulate_encodings=manipulate_encodings, + restrict_file_access=restrict_file_access) if ret == None: ret = 0 return ret @@ -213,16 +214,85 @@ def underlined(instring): return "%s\n%s" % (instring, "="*len(instring)) -def bug_from_shortname(bdir, shortname): +def restrict_file_access(bugdir, path): + """ + Check that the file at path is inside bugdir.root. This is + important if you allow other users to execute becommands with your + username (e.g. if you're running be-handle-mail through your + ~/.procmailrc). If this check wasn't made, a user could e.g. + run + be commit -b ~/.ssh/id_rsa "Hack to expose ssh key" + which would expose your ssh key to anyone who could read the VCS + log. + """ + in_root = bugdir.vcs.path_in_root(path, bugdir.root) + if in_root == False: + raise UserError('file access restricted!\n %s not in %s' + % (path, bugdir.root)) + +def parse_id(id): + """ + Return (bug_id, comment_id) tuple. + Basically inverts Comment.comment_shortnames() + >>> parse_id('XYZ') + ('XYZ', None) + >>> parse_id('XYZ:123') + ('XYZ', ':123') + >>> parse_id('') + Traceback (most recent call last): + ... + UserError: invalid id ''. + >>> parse_id('::') + Traceback (most recent call last): + ... + UserError: invalid id '::'. + """ + if len(id) == 0: + raise UserError("invalid id '%s'." % id) + if id.count(':') > 1: + raise UserError("invalid id '%s'." % id) + elif id.count(':') == 1: + # Split shortname generated by Comment.comment_shortnames() + bug_id,comment_id = id.split(':') + comment_id = ':'+comment_id + else: + bug_id = id + comment_id = None + return (bug_id, comment_id) + +def bug_from_id(bdir, id): """ Exception translation for the command-line interface. + id can be either the bug shortname or the full uuid. """ try: - bug = bdir.bug_from_shortname(shortname) + bug = bdir.bug_from_shortname(id) except (bugdir.MultipleBugMatches, bugdir.NoBugMatches), e: raise UserError(e.message) return bug +def bug_comment_from_id(bdir, id): + """ + Return (bug,comment) tuple matching shortname. id can be either + the bug/comment shortname or the full uuid. If there is no + comment part to the id, the returned comment is the bug's + .comment_root. + """ + bug_id,comment_id = parse_id(id) + try: + bug = bdir.bug_from_shortname(bug_id) + except (bugdir.MultipleBugMatches, bugdir.NoBugMatches), e: + raise UserError(e.message) + if comment_id == None: + comm = bug.comment_root + else: + #bug.load_comments(load_full=False) + try: + comm = bug.comment_root.comment_from_shortname(comment_id) + except comment.InvalidShortname, e: + raise UserError(e.message) + return (bug, comm) + def _test(): import doctest import sys |