D8353: debugcommands: create new debugantivirusrunning command
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
This writes the EICAR test file to .hg/cache, in an attempt to trigger
an AV scanner's scanning engine. This should let us (in theory) detect
some cases when a user's slowness is a result of AV scanning.
> In D8353#124948 <https://phab.mercurial-scm.org/D8353#124948>, @mharbison72 wrote:
>> Should it delete the file after writing it, or don't bother because the AV may have it locked?
> I figured just leave it since it's tiny, but maybe we should sleep for a while and then remove it?
That might work. I don't feel too strongly about it, but it seemed weird to leave junk in there and I only realized why as I was writing out the comment. The couple of times I've worked on viruses that evaded detection, file names are what I keyed in on.
find the ancestor revision of two revisions in a given index
+ attempt to trigger an antivirus scanner to see if one is active
apply a stream clone bundle file
diff --git a/tests/test-completion.t b/tests/test-completion.t
@@ -74,6 +74,7 @@
Show debug commands if there are no other candidates
$ hg debugcomplete debug
@@ -260,6 +261,7 @@
copy: forget, after, at-rev, force, include, exclude, dry-run
debugbackupbundle: recover, patch, git, limit, no-merges, stat, graph, style, template
debugbuilddag: mergeable-file, overwritten-file, new-file
diff --git a/mercurial/debugcommands.py b/mercurial/debugcommands.py
@@ -127,6 +127,23 @@
ui.write(b'%d:%s\n' % (r.rev(a), hex(a)))
+def debugantivirusrunning(ui, repo):
+ """attempt to trigger an antivirus scanner to see if one is active"""
+ with repo.cachevfs.open('eicar-test-file.com', b'wb') as f:
+ # This is a base85-armored version of the EICAR test file. See
+ # https://en.wikipedia.org/wiki/EICAR_test_file for details.
+ # Give an AV engine time to scan the file.
@command(b'debugapplystreamclonebundle', , b'FILE')
def debugapplystreamclonebundle(ui, repo, fname):
"""apply a stream clone bundle file"""
Best guess (given I've never hit an AV problem) is that the AV engine would lose its lunch on the EICAR file and alert the user. I figure if the AV engine isn't picking up on it after 2 seconds then it's probably also not a performance issue for us.