Mercurial > public > mercurial-scm > hg
comparison mercurial/subrepo.py @ 33642:ca398a50ca00 stable
subrepo: add tests for git rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Mon, 31 Jul 2017 14:55:11 -0700 |
| parents | 173ecccb9ee7 |
| children |
comparison
equal
deleted
inserted
replaced
| 33641:173ecccb9ee7 | 33642:ca398a50ca00 |
|---|---|
| 1541 self._subsource = source | 1541 self._subsource = source |
| 1542 return _abssource(self) | 1542 return _abssource(self) |
| 1543 | 1543 |
| 1544 def _fetch(self, source, revision): | 1544 def _fetch(self, source, revision): |
| 1545 if self._gitmissing(): | 1545 if self._gitmissing(): |
| 1546 # SEC: check for safe ssh url | |
| 1547 util.checksafessh(source) | |
| 1548 | |
| 1546 source = self._abssource(source) | 1549 source = self._abssource(source) |
| 1547 self.ui.status(_('cloning subrepo %s from %s\n') % | 1550 self.ui.status(_('cloning subrepo %s from %s\n') % |
| 1548 (self._relpath, source)) | 1551 (self._relpath, source)) |
| 1549 self._gitnodir(['clone', source, self._abspath]) | 1552 self._gitnodir(['clone', source, self._abspath]) |
| 1550 if self._githavelocally(revision): | 1553 if self._githavelocally(revision): |