Mercurial > public > mercurial-scm > hg-stable

diff mercurial/subrepo.py @ 33656:db83a1df03fe stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
subrepo: add tests for git rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
author Sean Farley <sean@farley.io>
date Mon, 31 Jul 2017 14:55:11 -0700
parents 60ee7af2a2ba
children d5b2beca16c0
line wrap: on
line diff
--- a/mercurial/subrepo.py	Mon Jul 31 16:44:17 2017 -0700
+++ b/mercurial/subrepo.py	Mon Jul 31 14:55:11 2017 -0700
@@ -1550,6 +1550,9 @@
 
     def _fetch(self, source, revision):
         if self._gitmissing():
+            # SEC: check for safe ssh url
+            util.checksafessh(source)
+
             source = self._abssource(source)
             self.ui.status(_('cloning subrepo %s from %s\n') %
                             (self._relpath, source))