# HG changeset patch
# User Dmitry Neverov <dmitry.neverov@gmail.com>
# Date 1516825196 -3600
# Node ID 64b5816390f9370eaf83051faf70270d7e53daf1
# Parent  2b1bd4bca6ad4ac7d3918853a0b48af5bdeb1758
TW-50054 support hg path whitelist

Use hg path from VCS root only if it in whitelist

diff -r 2b1bd4bca6ad -r 64b5816390f9 mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/Constants.java
--- a/mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/Constants.java	Wed Jan 24 13:49:01 2018 +0100
+++ b/mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/Constants.java	Wed Jan 24 21:19:56 2018 +0100
@@ -45,4 +45,5 @@
   String CUSTOM_CLONE_PATH_ENABLED = "teamcity.hg.customClonePathEnabled";
   String CUSTOM_CLONE_PATH_WHITELIST = "teamcity.hg.customClonePathWhitelist";
   String CUSTOM_CACHES_DIR = "teamcity.hg.customCachesDir";
+  String HG_PATH_WHITELIST = "teamcity.hg.hgPathWhitelist";
 }
diff -r 2b1bd4bca6ad -r 64b5816390f9 mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/HgVcsRoot.java
--- a/mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/HgVcsRoot.java	Wed Jan 24 13:49:01 2018 +0100
+++ b/mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/HgVcsRoot.java	Wed Jan 24 21:19:56 2018 +0100
@@ -265,4 +265,18 @@
     }
     return false;
   }
+
+  public static boolean isAllowedHgPath(@Nullable String path) {
+    if (StringUtil.isEmptyOrSpaces(path))
+      return false;
+    String whitelist = TeamCityProperties.getProperty(Constants.HG_PATH_WHITELIST);
+    if (StringUtil.isEmpty(whitelist))
+      return false;
+    List<String> paths = StringUtil.split(whitelist, ";");
+    for (String p : paths) {
+      if (p.equals(path))
+        return true;
+    }
+    return false;
+  }
 }
diff -r 2b1bd4bca6ad -r 64b5816390f9 mercurial-server/resources/buildServerResources/mercurialSettings.jsp
--- a/mercurial-server/resources/buildServerResources/mercurialSettings.jsp	Wed Jan 24 13:49:01 2018 +0100
+++ b/mercurial-server/resources/buildServerResources/mercurialSettings.jsp	Wed Jan 24 21:19:56 2018 +0100
@@ -92,6 +92,7 @@
     <td>
       <props:textProperty name="hgCommandPath" className="longField" />
       <span class="error" id="error_hgCommandPath"></span>
+      <div class="smallNote" style="margin: 0;">The path will be used on TeamCity server only if it is included into whitelist.<bs:help file="Mercurial" anchor="Pathtohgexecutabledetection"/></div>
     </td>
   </tr>
   <tr class="advancedSetting">
diff -r 2b1bd4bca6ad -r 64b5816390f9 mercurial-server/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/ServerHgPathProvider.java
--- a/mercurial-server/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/ServerHgPathProvider.java	Wed Jan 24 13:49:01 2018 +0100
+++ b/mercurial-server/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/ServerHgPathProvider.java	Wed Jan 24 21:19:56 2018 +0100
@@ -33,17 +33,12 @@
 
 
   public String getHgPath(@NotNull final HgVcsRoot root) {
-    String serverWideHgPath = myConfig.getHgPath();
-    if (serverWideHgPath != null) {
-      return serverWideHgPath;
+    String pathFromRoot = root.getHgPath();
+    if (HgVcsRoot.isAllowedHgPath(pathFromRoot)) {
+      return pathFromRoot;
     } else {
-      String pathFromRoot = root.getHgPath();
-      if (pathFromRoot.equals(unresolvedAgentHgPath())) {
-        //try to use hg from the PATH:
-        return "hg";
-      } else {
-        return pathFromRoot;
-      }
+      String serverWideHgPath = myConfig.getHgPath();
+      return serverWideHgPath != null ? serverWideHgPath : "hg";
     }
   }
 
diff -r 2b1bd4bca6ad -r 64b5816390f9 mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/HgVcsRootTest.java
--- a/mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/HgVcsRootTest.java	Wed Jan 24 13:49:01 2018 +0100
+++ b/mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/HgVcsRootTest.java	Wed Jan 24 21:19:56 2018 +0100
@@ -141,6 +141,30 @@
     assertEquals(hgRoot.getCustomClonePath(), tempDir.getCanonicalPath());
   }
 
+  public void hg_path_whitelist() throws Exception {
+    assertFalse(HgVcsRoot.isAllowedHgPath(null));
+    assertFalse(HgVcsRoot.isAllowedHgPath("/some/path"));
+    setInternalProperty(Constants.HG_PATH_WHITELIST, "/some/path1;/some/path2");
+    assertTrue(HgVcsRoot.isAllowedHgPath("/some/path1"));
+    assertTrue(HgVcsRoot.isAllowedHgPath("/some/path2"));
+    assertFalse(HgVcsRoot.isAllowedHgPath("/some/other/path"));
+    assertFalse(HgVcsRoot.isAllowedHgPath("/some/path11"));
+    assertFalse(HgVcsRoot.isAllowedHgPath("/some/path1/hg"));
+
+    ServerHgPathProvider serverHgPathProvider = new ServerHgPathProvider(new ServerPluginConfigBuilder().build());
+    HgVcsRoot root = new HgVcsRoot(vcsRoot().withHgPath("/some/other/path").withUrl("http://some.org/repo").build());
+    assertEquals("hg", serverHgPathProvider.getHgPath(root));
+
+    serverHgPathProvider = new ServerHgPathProvider(new ServerPluginConfigBuilder().hgPath("/server/hg/path").build());
+    root = new HgVcsRoot(vcsRoot().withHgPath("/some/other/path").withUrl("http://some.org/repo").build());
+    assertEquals("/server/hg/path", serverHgPathProvider.getHgPath(root));
+
+    root = new HgVcsRoot(vcsRoot().withHgPath("/some/path1").withUrl("http://some.org/repo").build());
+    assertEquals("/some/path1", serverHgPathProvider.getHgPath(root));
+    root = new HgVcsRoot(vcsRoot().withHgPath("/some/path2").withUrl("http://some.org/repo").build());
+    assertEquals("/some/path2", serverHgPathProvider.getHgPath(root));
+  }
+
   private VcsRootImpl createVcsRoot(String url) {
     return createVcsRoot(url, "user", "pwd");
   }
diff -r 2b1bd4bca6ad -r 64b5816390f9 mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/ServerHgPathProviderTest.java
--- a/mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/ServerHgPathProviderTest.java	Wed Jan 24 13:49:01 2018 +0100
+++ b/mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/ServerHgPathProviderTest.java	Wed Jan 24 21:19:56 2018 +0100
@@ -26,20 +26,22 @@
  * @author dmitry.neverov
  */
 @Test
-public class ServerHgPathProviderTest {
+public class ServerHgPathProviderTest extends BaseMercurialTestCase {
 
   private String myServerWideHgPath;
   private String myVcsRootHgPath;
 
 
   @BeforeMethod
-  public void setUp() {
+  public void setUp() throws Exception {
+    super.setUp();
     myServerWideHgPath = null;
     myVcsRootHgPath = "/vcs/root/hg/path";
   }
 
 
-  public void server_should_use_settings_from_vcs_root_if_server_wide_path_is_not_set() throws Exception {
+  public void server_should_use_settings_from_vcs_root_if_server_wide_path_is_not_set_and_path_is_in_whitelist() throws Exception {
+    setInternalProperty(Constants.HG_PATH_WHITELIST, myVcsRootHgPath);
     myServerWideHgPath = null;
     HgPathProvider provider = createHgPathProvider();
     HgVcsRoot root = createHgRoot();