105 $ URL=`$PYTHON -c "import os; print 'file://localhost' + ('/' + os.getcwd().replace(os.sep, '/')).replace('//', '/') + '/../test'"` |
105 $ URL=`$PYTHON -c "import os; print 'file://localhost' + ('/' + os.getcwd().replace(os.sep, '/')).replace('//', '/') + '/../test'"` |
106 $ hg pull -q "$URL" |
106 $ hg pull -q "$URL" |
107 |
107 |
108 SEC: check for unsafe ssh url |
108 SEC: check for unsafe ssh url |
109 |
109 |
|
110 $ cat >> $HGRCPATH << EOF |
|
111 > [ui] |
|
112 > ssh = sh -c "read l; read l; read l" |
|
113 > EOF |
|
114 |
110 $ hg pull 'ssh://-oProxyCommand=touch${IFS}owned/path' |
115 $ hg pull 'ssh://-oProxyCommand=touch${IFS}owned/path' |
111 pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
116 pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
112 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
117 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
113 [255] |
118 [255] |
114 $ hg pull 'ssh://%2DoProxyCommand=touch${IFS}owned/path' |
119 $ hg pull 'ssh://%2DoProxyCommand=touch${IFS}owned/path' |
115 pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
120 pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
116 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
121 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
117 [255] |
122 [255] |
118 $ hg pull 'ssh://fakehost|shellcommand/path' |
123 $ hg pull 'ssh://fakehost|touch${IFS}owned/path' |
119 pulling from ssh://fakehost%7Cshellcommand/path |
124 pulling from ssh://fakehost%7Ctouch%24%7BIFS%7Downed/path |
120 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' |
125 abort: no suitable response from remote hg! |
121 [255] |
126 [255] |
122 $ hg pull 'ssh://fakehost%7Cshellcommand/path' |
127 $ hg pull 'ssh://fakehost%7Ctouch%20owned/path' |
123 pulling from ssh://fakehost%7Cshellcommand/path |
128 pulling from ssh://fakehost%7Ctouch%20owned/path |
124 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' |
129 abort: no suitable response from remote hg! |
125 [255] |
130 [255] |
126 |
131 |
|
132 $ [ ! -f owned ] || echo 'you got owned' |
|
133 |
127 $ cd .. |
134 $ cd .. |