Mercurial > public > mercurial-scm > hg
comparison mercurial/posix.py @ 33635:e10745311406 stable
ssh: ban any username@host or host that starts with - (SEC)
This paranoia probably isn't required, but it can't hurt either.
| author | Augie Fackler <augie@google.com> |
|---|---|
| date | Fri, 04 Aug 2017 14:00:03 -0400 |
| parents | 52361c4f4dac |
| children | 00a75672a9cb |
comparison
equal
deleted
inserted
replaced
| 33634:53224b1ffbc2 | 33635:e10745311406 |
|---|---|
| 21 import unicodedata | 21 import unicodedata |
| 22 | 22 |
| 23 from .i18n import _ | 23 from .i18n import _ |
| 24 from . import ( | 24 from . import ( |
| 25 encoding, | 25 encoding, |
| 26 error, | |
| 26 pycompat, | 27 pycompat, |
| 27 ) | 28 ) |
| 28 | 29 |
| 29 posixfile = open | 30 posixfile = open |
| 30 normpath = os.path.normpath | 31 normpath = os.path.normpath |
| 89 return pf | 90 return pf |
| 90 | 91 |
| 91 def sshargs(sshcmd, host, user, port): | 92 def sshargs(sshcmd, host, user, port): |
| 92 '''Build argument list for ssh''' | 93 '''Build argument list for ssh''' |
| 93 args = user and ("%s@%s" % (user, host)) or host | 94 args = user and ("%s@%s" % (user, host)) or host |
| 95 if '-' in args[:2]: | |
| 96 raise error.Abort( | |
| 97 _('illegal ssh hostname or username starting with -: %s') % args) | |
| 94 return port and ("%s -p %s" % (args, port)) or args | 98 return port and ("%s -p %s" % (args, port)) or args |
| 95 | 99 |
| 96 def isexec(f): | 100 def isexec(f): |
| 97 """check whether a file is executable""" | 101 """check whether a file is executable""" |
| 98 return (os.lstat(f).st_mode & 0o100 != 0) | 102 return (os.lstat(f).st_mode & 0o100 != 0) |