Mercurial > public > mercurial-scm > hg
comparison mercurial/util.py @ 33657:60ee7af2a2ba stable
subrepo: add tests for svn rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Mon, 31 Jul 2017 16:44:17 -0700 |
| parents | 0b3fe3910ef5 |
| children | 3fee7f7d2da0 |
comparison
equal
deleted
inserted
replaced
| 33656:475af2f89636 | 33657:60ee7af2a2ba |
|---|---|
| 2903 user. | 2903 user. |
| 2904 | 2904 |
| 2905 Raises an error.Abort when the url is unsafe. | 2905 Raises an error.Abort when the url is unsafe. |
| 2906 """ | 2906 """ |
| 2907 path = urlreq.unquote(path) | 2907 path = urlreq.unquote(path) |
| 2908 if path.startswith('ssh://-') or '|' in path: | 2908 if (path.startswith('ssh://-') or path.startswith('svn+ssh://-') |
| 2909 or '|' in path): | |
| 2909 raise error.Abort(_('potentially unsafe url: %r') % | 2910 raise error.Abort(_('potentially unsafe url: %r') % |
| 2910 (path,)) | 2911 (path,)) |
| 2911 | 2912 |
| 2912 def hidepassword(u): | 2913 def hidepassword(u): |
| 2913 '''hide user credential in a url string''' | 2914 '''hide user credential in a url string''' |