Mercurial > public > mercurial-scm > hg
comparison mercurial/windows.py @ 33651:739cc0f9cbb4 stable
ssh: ban any username@host or host that starts with - (SEC)
This paranoia probably isn't required, but it can't hurt either.
| author | Augie Fackler <augie@google.com> |
|---|---|
| date | Fri, 04 Aug 2017 14:00:03 -0400 |
| parents | 605f124d1146 |
| children | 8cb9e921ef8c |
comparison
equal
deleted
inserted
replaced
| 33650:0b3fe3910ef5 | 33651:739cc0f9cbb4 |
|---|---|
| 15 import sys | 15 import sys |
| 16 | 16 |
| 17 from .i18n import _ | 17 from .i18n import _ |
| 18 from . import ( | 18 from . import ( |
| 19 encoding, | 19 encoding, |
| 20 error, | |
| 20 policy, | 21 policy, |
| 21 pycompat, | 22 pycompat, |
| 22 win32, | 23 win32, |
| 23 ) | 24 ) |
| 24 | 25 |
| 201 | 202 |
| 202 def sshargs(sshcmd, host, user, port): | 203 def sshargs(sshcmd, host, user, port): |
| 203 '''Build argument list for ssh or Plink''' | 204 '''Build argument list for ssh or Plink''' |
| 204 pflag = 'plink' in sshcmd.lower() and '-P' or '-p' | 205 pflag = 'plink' in sshcmd.lower() and '-P' or '-p' |
| 205 args = user and ("%s@%s" % (user, host)) or host | 206 args = user and ("%s@%s" % (user, host)) or host |
| 207 if args.startswith('-') or args.startswith('/'): | |
| 208 raise error.Abort( | |
| 209 _('illegal ssh hostname or username starting with - or /: %s') % | |
| 210 args) | |
| 206 return port and ("%s %s %s" % (args, pflag, port)) or args | 211 return port and ("%s %s %s" % (args, pflag, port)) or args |
| 207 | 212 |
| 208 def setflags(f, l, x): | 213 def setflags(f, l, x): |
| 209 pass | 214 pass |
| 210 | 215 |