Mercurial Mercurial > mercurial / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
clone: add tests for unsafe ssh url (SEC) stable
authorSean Farley <sean@farley.io>
Fri, 28 Jul 2017 16:36:36 -0700
branchstable
changeset 33637 f9134e96ed0f
parent 33636 f93975a5ebe8
child 33638 92b583e3e522
clone: add tests for unsafe ssh url (SEC)
tests/test-clone.t file | annotate | diff | comparison | revisions 
--- a/tests/test-clone.t	Tue Aug 01 14:40:19 2017 -0700
+++ b/tests/test-clone.t	Fri Jul 28 16:36:36 2017 -0700
@@ -1092,3 +1092,25 @@
   adding remote bookmark bookA
   updating working directory
   1 files updated, 0 files merged, 0 files removed, 0 files unresolved
+
+SEC: check for unsafe ssh url
+
+  $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path'
+  abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
+  [255]
+  $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path'
+  abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
+  [255]
+  $ hg clone 'ssh://fakehost|shellcommand/path'
+  abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path'
+  [255]
+  $ hg clone 'ssh://fakehost%7Cshellcommand/path'
+  abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path'
+  [255]
+
+  $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path'
+  abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path'
+  [255]
+We should not have created a file named owned - if it exists, the
+attack succeeded.
+  $ if test -f owned; then echo 'you got owned'; fi
mercurial