Mercurial > public > mercurial-scm > hg
comparison mercurial/util.py @ 33641:173ecccb9ee7 stable
subrepo: add tests for svn rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Mon, 31 Jul 2017 16:44:17 -0700 |
| parents | 53224b1ffbc2 |
| children | 943c91326b23 |
comparison
equal
deleted
inserted
replaced
| 33640:55681baf4cf9 | 33641:173ecccb9ee7 |
|---|---|
| 2888 user. | 2888 user. |
| 2889 | 2889 |
| 2890 Raises an error.Abort when the url is unsafe. | 2890 Raises an error.Abort when the url is unsafe. |
| 2891 """ | 2891 """ |
| 2892 path = urlreq.unquote(path) | 2892 path = urlreq.unquote(path) |
| 2893 if path.startswith('ssh://-') or '|' in path: | 2893 if (path.startswith('ssh://-') or path.startswith('svn+ssh://-') |
| 2894 or '|' in path): | |
| 2894 raise error.Abort(_('potentially unsafe url: %r') % | 2895 raise error.Abort(_('potentially unsafe url: %r') % |
| 2895 (path,)) | 2896 (path,)) |
| 2896 | 2897 |
| 2897 def hidepassword(u): | 2898 def hidepassword(u): |
| 2898 '''hide user credential in a url string''' | 2899 '''hide user credential in a url string''' |