Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/subrepo.py @ 33655:60ee7af2a2ba stable
subrepo: add tests for svn rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Mon, 31 Jul 2017 16:44:17 -0700 |
| parents | 0407a51b9d8c |
| children | db83a1df03fe |
comparison
equal
deleted
inserted
replaced
| 33654:475af2f89636 | 33655:60ee7af2a2ba |
|---|---|
| 1279 if self._svnversion >= (1, 5): | 1279 if self._svnversion >= (1, 5): |
| 1280 args.append('--force') | 1280 args.append('--force') |
| 1281 # The revision must be specified at the end of the URL to properly | 1281 # The revision must be specified at the end of the URL to properly |
| 1282 # update to a directory which has since been deleted and recreated. | 1282 # update to a directory which has since been deleted and recreated. |
| 1283 args.append('%s@%s' % (state[0], state[1])) | 1283 args.append('%s@%s' % (state[0], state[1])) |
| 1284 | |
| 1285 # SEC: check that the ssh url is safe | |
| 1286 util.checksafessh(state[0]) | |
| 1287 | |
| 1284 status, err = self._svncommand(args, failok=True) | 1288 status, err = self._svncommand(args, failok=True) |
| 1285 _sanitize(self.ui, self.wvfs, '.svn') | 1289 _sanitize(self.ui, self.wvfs, '.svn') |
| 1286 if not re.search('Checked out revision [0-9]+.', status): | 1290 if not re.search('Checked out revision [0-9]+.', status): |
| 1287 if ('is already a working copy for a different URL' in err | 1291 if ('is already a working copy for a different URL' in err |
| 1288 and (self._wcchanged()[:2] == (False, False))): | 1292 and (self._wcchanged()[:2] == (False, False))): |