Mercurial > public > mercurial-scm > hg-stable

diff mercurial/util.py @ 33655:60ee7af2a2ba stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
subrepo: add tests for svn rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
author Sean Farley <sean@farley.io>
date Mon, 31 Jul 2017 16:44:17 -0700
parents 0b3fe3910ef5
children 3fee7f7d2da0
line wrap: on
line diff
--- a/mercurial/util.py	Mon Jul 31 16:04:44 2017 -0700
+++ b/mercurial/util.py	Mon Jul 31 16:44:17 2017 -0700
@@ -2905,7 +2905,8 @@
     Raises an error.Abort when the url is unsafe.
     """
     path = urlreq.unquote(path)
-    if path.startswith('ssh://-') or '|' in path:
+    if (path.startswith('ssh://-') or path.startswith('svn+ssh://-')
+        or '|' in path):
         raise error.Abort(_('potentially unsafe url: %r') %
                           (path,))