util: add utility method to check for bad ssh urls (SEC)
Our use of SSH has an exploit that will parse the first part of an url
blindly as a hostname. Prior to this set of security patches, a url
with '-oProxyCommand' could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' can be abused to execute
arbitrary commands in a similar fashion.
We defend against this by checking ssh:// URLs and looking for a
hostname that starts with a - or contains a |.
When this happens, let's throw a big abort into the user's face so
that they can inspect what's going on.
# debugshell extension
"""a python shell with repo, changelog & manifest objects"""
from __future__ import absolute_import
import code
import mercurial
import sys
from mercurial import (
cmdutil,
demandimport,
)
cmdtable = {}
command = cmdutil.command(cmdtable)
def pdb(ui, repo, msg, **opts):
objects = {
'mercurial': mercurial,
'repo': repo,
'cl': repo.changelog,
'mf': repo.manifestlog,
}
code.interact(msg, local=objects)
def ipdb(ui, repo, msg, **opts):
import IPython
cl = repo.changelog
mf = repo.manifestlog
cl, mf # use variables to appease pyflakes
IPython.embed()
@command('debugshell|dbsh', [])
def debugshell(ui, repo, **opts):
bannermsg = "loaded repo : %s\n" \
"using source: %s" % (repo.root,
mercurial.__path__[0])
pdbmap = {
'pdb' : 'code',
'ipdb' : 'IPython'
}
debugger = ui.config("ui", "debugger")
if not debugger:
debugger = 'pdb'
# if IPython doesn't exist, fallback to code.interact
try:
with demandimport.deactivated():
__import__(pdbmap[debugger])
except ImportError:
ui.warn(("%s debugger specified but %s module was not found\n")
% (debugger, pdbmap[debugger]))
debugger = 'pdb'
getattr(sys.modules[__name__], debugger)(ui, repo, bannermsg, **opts)