util: add utility method to check for bad ssh urls (SEC)
Our use of SSH is exploitable: the first part of a URL is parsed
blindly as a hostname. Prior to this set of security patches, a URL
containing '-oProxyCommand' could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' can be abused to execute
arbitrary commands in a similar fashion.
We defend against this by checking ssh:// URLs and looking for a
hostname that starts with a '-' or contains a '|'.
When this happens, let's throw a big abort into the user's face so
that they can inspect what's going on.
#!/usr/bin/env python
# Dump revlogs as raw data stream
# $ find .hg/store/ -name "*.i" | xargs dumprevlog > repo.dump
from __future__ import absolute_import, print_function
import sys
from mercurial import (
node,
revlog,
util,
)
# Switch the three standard streams to binary mode before anything is read
# or written; the dump below is raw revision data, so no text-mode
# translation must touch it (what util.setbinary does exactly is defined
# in mercurial.util, not here).
for stream in (sys.stdin, sys.stdout, sys.stderr):
    util.setbinary(stream)
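def binopen(fn):
    """Open *fn* for reading in binary mode.

    Passed as the first argument to revlog.revlog (presumably its file
    opener); defined once here instead of re-creating a lambda on every
    iteration of the loop below (PEP 8 E731).
    """
    return open(fn, 'rb')


# Every command-line argument is a revlog file to dump (per the usage
# comment at the top of the file: the *.i files under .hg/store).
for f in sys.argv[1:]:
    r = revlog.revlog(binopen, f)
    print("file:", f)
    for i in r:
        n = r.node(i)
        p = r.parents(n)
        d = r.revision(n)
        print("node:", node.hex(n))
        print("linkrev:", r.linkrev(i))
        print("parents:", node.hex(p[0]), node.hex(p[1]))
        print("length:", len(d))
        # The revision data is emitted verbatim between the two markers.
        # NOTE(review): this relies on Python 2 print() writing the str as-is
        # (the __future__ imports above suggest that target); on Python 3
        # print(d) would emit the repr of a bytes object instead — confirm
        # before running it there.
        print("-start-")
        print(d)
        print("-end-")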