Mercurial Mercurial > hg-stable / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
contrib/asv.conf.json
author Sean Farley <sean@farley.io>
Fri, 28 Jul 2017 16:32:25 -0700
branchstable
changeset 33632 53224b1ffbc2
parent 30416 cff0f5926797
permissions -rw-r--r--
util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

{
    "version": 1,
    "project": "mercurial",
    "project_url": "https://mercurial-scm.org/",
    "repo": "..",
    "branches": ["default", "stable"],
    "environment_type": "virtualenv",
    "show_commit_url": "https://www.mercurial-scm.org/repo/hg/rev/",
    "benchmark_dir": "benchmarks",
    "env_dir": "../.asv/env",
    "results_dir": "../.asv/results",
    "html_dir": "../.asv/html"
}
hg-stable